[Cryptography] Is ASN.1 still the thing?

Nico Williams nico at cryptonector.com
Tue Nov 14 16:34:09 EST 2017


On Mon, Nov 13, 2017 at 07:40:29PM +0000, Jason Cooper wrote:
> On Mon, Nov 13, 2017 at 06:41:31PM +0000, Howard Chu wrote:
> > Fwiw, liblber in OpenLDAP is extremely efficient for parsing ASN.1.
> > It allows OpenLDAP slapd to run at line speed, even on multigigabit
> > network links.
> 
> So I see it's a part of the OpenLDAP repo at:
> 
>   http://www.openldap.org/software/repo/openldap.git
> 
> Under libraries/liblber/ .
> 
> Would you consider breaking that out into a separate repository?  I and
> a few others would be willing to assist with the effort if you are.

Heimdal has an actual, honest-to-goodness ASN.1 compiler with BER and
DER support.  We should break it out into a separate repository too.

Heimdal's ASN.1 compiler compiles ASN.1 to C, and is very easy to use.

It also has an option to compile to an interpreted, bytecode-like
template that produces much less object code.

Not that DER is a fantastic encoding.  PER is *much* better.  But that
there is no excuse to reinvent this wheel nowadays.

Reimplement, sure.  Reinvent?  Please spare the rest of us having to
implement yet another encoding.

Really, inventing a new encoding imposes a large burden on the rest of
the world, and usually only because the re-inventor(s) couldn't be
bothered to burden themselves with the cognitive load of reading and
understanding an existing spec.  Don't do it!

Nico
-- 

