[Cryptography] Is ASN.1 still the thing?

Judson Lester nyarly at gmail.com
Mon Nov 13 16:56:40 EST 2017

On Mon, Nov 13, 2017 at 10:57 AM Howard Chu <hyc at symas.com> wrote:

> The subject of this message thread ought to be "why are people still
> inventing
> serialization formats?" ASN.1 works well from network and CPU efficiency
> perspective, *and* is reliable for security-oriented usage.

There's the langsec argument to be made that DER is fairly complicated to
parse, and as a result many critical errors have been found in popular ASN
parser generators. Specifically, the theory is that simpler Chomsky
categories of languages should be used as protocol encodings, and that DER
is context free. The largest proponents of this position, however, suggest
using JSON on the grounds that it is context-sensitive - a claim which I've
always been idly sure collapses if you insist on a normalized form, or even
that fields not repeat.

That said, using a regular language for a secure protocol seems sensible,
and the parsers have been with us for a long time.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20171113/9142c301/attachment.html>

More information about the cryptography mailing list