[Cryptography] Is ASN.1 still the thing?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Nov 14 20:18:39 EST 2017


Jason Cooper <cryptography at lakedaemon.net> writes:

>But the fact is, DER was never intended for stream parsing/encoding.

Exactly, and that's why BER exists.  So saying "ASN.1 isn't streamable" is,
apart from the technical incorrectness (it's a notation, not an encoding
format), also wrong because BER was specifically designed to be streamable.
Contrast that with things like TLS and SSH, which don't have any form of
indefinite-length encoding at all (I'm focusing on security-protocol formats
here, not any encoding in general, thus the mention of TLS, SSH, etc).

In fact BER does a much better job than other indefinite-length encoding
formats like the PGP one, whose crazy fixed-point length format requires that
you quantise the data into awkward lengths (ones that don't correspond to
cipher block boundaries, for example) dictated by the limits of what length
value you can encode.  With BER, you just drop a continuation marker whenever
you feel like ending a block.

ASN.1 has a lot of design-by-committee junk in it (the date format, for
example), but BER and DER are pretty clean.

Peter.
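As an added illustration of the point about indefinite-length BER (example code written for this page, not part of Peter's post or of any project's code base), the following Python encodes an OCTET STRING both ways and decodes the BER form incrementally. The DER function needs the entire value before it can write a single byte; the BER generator emits a segment of whatever size the producer hands it and closes the value with the end-of-contents octets whenever the producer is done, which is what the incremental reader relies on. The OpenPGP helper at the end shows the contrasting partial-body-length rule from RFC 4880 section 4.2.2.4, where a chunk length must be a power of two. The class and function names are this example's own, and any sample data used with it is constructed.

```python
# Added example (not from the post): BER indefinite-length streaming versus DER
# definite-length encoding, with the OpenPGP partial body length rule for contrast.
from typing import Iterable, Iterator, List, Optional, Tuple

OCTET_STRING = 0x04      # UNIVERSAL tag 4
CONSTRUCTED = 0x20       # bit 6 of the identifier octet
INDEFINITE = 0x80        # length octet meaning "until end-of-contents"
EOC = b"\x00\x00"        # end-of-contents octets


def encode_length(n: int) -> bytes:
    """Definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_octet_string(data: bytes) -> bytes:
    """DER: primitive, definite length. The whole value must be in hand
    before the first byte is written, which is why DER cannot stream."""
    return bytes([OCTET_STRING]) + encode_length(len(data)) + data


def ber_octet_string_stream(chunks: Iterable[bytes]) -> Iterator[bytes]:
    """BER: constructed OCTET STRING, indefinite length. Wire bytes are
    yielded as each chunk arrives; a segment may be any size the producer
    chooses, and EOC closes the value whenever the producer is done."""
    yield bytes([OCTET_STRING | CONSTRUCTED, INDEFINITE])
    for chunk in chunks:
        if chunk:                       # skip empty segments
            yield der_octet_string(chunk)
    yield EOC


def _read_length(buf: bytes, pos: int) -> Optional[Tuple[Optional[int], int]]:
    """Length at buf[pos]: (length, next_pos), length None for the indefinite
    form; returns None when more bytes are needed."""
    if pos >= len(buf):
        return None
    first = buf[pos]
    if first == INDEFINITE:
        return None, pos + 1
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4:                 # 0xFF is reserved; cap the long form
        raise ValueError("unsupported length octet %#x" % first)
    if pos + 1 + n > len(buf):
        return None
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


class BerOctetStringReader:
    """Incremental decoder: feed() bytes split however the network delivers
    them and get back each segment as soon as it is complete."""
    def __init__(self) -> None:
        self.buf = b""
        self.started = False
        self.done = False

    def feed(self, data: bytes) -> List[bytes]:
        self.buf += data
        out: List[bytes] = []
        if not self.started:
            if len(self.buf) < 2:
                return out
            if self.buf[:2] != bytes([OCTET_STRING | CONSTRUCTED, INDEFINITE]):
                raise ValueError("not an indefinite-length constructed OCTET STRING")
            self.buf, self.started = self.buf[2:], True
        while not self.done:
            if self.buf[:2] == EOC:          # producer chose to stop here
                self.buf, self.done = self.buf[2:], True
            elif len(self.buf) < 2:
                break
            elif self.buf[0] != OCTET_STRING:
                raise ValueError("segment must be a primitive OCTET STRING")
            else:
                parsed = _read_length(self.buf, 1)
                if parsed is None:
                    break
                length, start = parsed
                if length is None:
                    raise ValueError("nested indefinite segments not handled")
                if start + length > len(self.buf):
                    break                   # segment incomplete; wait for more
                out.append(self.buf[start:start + length])
                self.buf = self.buf[start + length:]
        return out


def pgp_partial_length_octet(size: int) -> int:
    """OpenPGP partial body length: one octet 224..254 encoding 1 << n, so
    only power-of-two chunk sizes from 1 to 2**30 can be expressed."""
    if size < 1 or size > (1 << 30) or size & (size - 1):
        raise ValueError("partial body length must be a power of two")
    return 0xE0 | (size.bit_length() - 1)
```

Feeding the reader one byte at a time shows the streaming property directly: each segment is handed back the moment its last byte arrives, and the reader learns the value is over only when it sees the two EOC octets. A DER consumer has no such option; it must read the length field first and then wait for exactly that many bytes.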

