[Cryptography] [FORGED] Re: Is ASN.1 still the thing?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Nov 13 23:42:37 EST 2017

[Several replies condensed into one]

Jason Cooper <cryptography at lakedaemon.net> writes:

>Above and beyond the complexities of parsing it, there's also the difficulty
>of parsing it on embedded systems.  From my experience, it's extraordinarily
>difficult to parse as a stream.

What experience did you have that makes you say that?  My code runs on a ton
of embedded stuff and there's no problems with parsing it, as a stream or

Jerry Leichter <leichter at lrw.com> writes:

>At Google, protobuf's are *the* medium of exchange for data.

That's because Google inhabit their own private universe, and can decree that
whatever they've dreamed up this morning be a market winner, whether it's
actually a good idea or not.

This is actually answering entirely the wrong question, it's not "does it work
for Google", it's "does it work for anyone who isn't Google"?  The answer, all
too frequently, is "not really".

Howard Chu <hyc at symas.com> writes:

>In ASN.1 DER you're required to use the shortest representation, and the
>decoder must reject the input if it's not in shortest form.

Lest God come down and smite you, for we all know how seriously He/She/It
takes ASN.1 parsing.

>The subject of this message thread ought to be "why are people still
>inventing serialization formats?"

A bigger question should be "what is the OP trying to achieve here"?  While
everyone's debating whose pet serialisation format is the most cromulent, it's
not clear to me that any attempt at canonical serialisation at all is a good
idea.  If the goal is to sign something then the only serialisation you need
is "start hashing after this point" and "stop hashing before this point".
Anything else dooms you to a lifetime of pain, no matter what format you
decide to use.

If you really want something simple, lightweight, and straightforward, what
about XDR?  That's pretty well defined, and dates from a time when primary
design goals were that stuff be efficient and easily implementable, rather
than as complex as you can make it, or as hip as possible, or with angle
brackets (some stuff encompasses all three of those).
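
An added illustration of the "start hashing after this point / stop hashing before this point" approach described in the message above; it is not part of the original post. The frame layout, the key, the function names, and HMAC-SHA256 as a stand-in for a real signature are assumptions, and the sample message is constructed.

```python
import hashlib
import hmac
import json
import struct

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a real signature


def seal(body: bytes, key: bytes = KEY) -> bytes:
    """Frame (assumed layout): 4-byte length | body exactly as produced | 32-byte tag."""
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return struct.pack(">I", len(body)) + body + tag


def open_sealed(frame: bytes, key: bytes = KEY) -> bytes:
    """Verify over the received byte range; only then is the body given to a parser."""
    if len(frame) < 4 + 32:
        raise ValueError("truncated frame")
    (n,) = struct.unpack(">I", frame[:4])
    if len(frame) != 4 + n + 32:
        raise ValueError("length field does not match frame size")
    body, tag = frame[4:4 + n], frame[4 + n:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    return body


def verify_by_reencoding(body: bytes, tag: bytes, key: bytes = KEY) -> bool:
    """The alternative: parse, re-serialise 'canonically', and hash that output."""
    canon = json.dumps(json.loads(body), sort_keys=True, separators=(",", ":"))
    expected = hmac.new(key, canon.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


# Constructed sample: valid JSON, but not in the verifier's canonical form
# (extra spaces, unsorted keys, trailing zero in the number).
SAMPLE = b'{ "to": "bob", "amount": 1.50, "memo": "caf\\u00e9" }'

if __name__ == "__main__":
    frame = seal(SAMPLE)
    print("byte-range verify:", json.loads(open_sealed(frame)))
    print("re-encode verify :", verify_by_reencoding(SAMPLE, frame[-32:]))
```

The byte-range verifier accepts the sender's encoding as it arrived, while the re-encoding verifier rejects the same authentic message because its serializer and the sender's disagree on whitespace, key order and number formatting.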

