[Cryptography] Is ASN.1 still the thing?

Nico Williams nico at cryptonector.com
Tue Nov 14 22:29:23 EST 2017


On Wed, Nov 15, 2017 at 11:44:08AM +1000, James A. Donald wrote:
> On 11/15/2017 8:00 AM, Nico Williams wrote:
> >The only downside to PER -- the reason we don't use it universally -- is
> >that you really do need tools that can compile a complete ASN.1 module,
> >and these did not exist for a long time, not as open source code
> >anyways.  Of course, the situation is better now, but it's too late.
> >Though it's never too late to say NO to new encodings.
> 
> On the other hand Avro apache seems to be a more complete solution,
> addressing the problem of protocol negotiation, RPC calls, and map reduce
> calls, all of which ASN.1 views as out of scope.

We even had that!!!  It's called ONC RPC.  Or DCE RPC.  Or whatever the
Apollo thing was called.  And there's more, I'm sure.  Lots of complete
solutions.  Remember SOAP, anyone?  That was totally the last complete
solution we were ever going to need.  All of these are actually still in
use.

In two years there will be some other "complete solution".

And what if you need to interop with a whole stack of things?  Maybe you
need an NFSv4 implementation (ONC RPC/XDR) and some MSRPC of some sort
(basically DCE RPC) and some SOAP-ish thing, and...  You'll be spending
enormous amounts of time just reading all the specs, finding tools,
building the ones you can't find, building FFI bindings for the ones you
can.  You'll then curse whoever thought they should add that Nth
"complete solution".

I don't even want to look at this Avro thing.  I bet I'll find lots of
terrible choices were made by people who could not take the time to
learn what came before.  I might be surprised though, but I'm still not
enthused to go look.  I'd rather hope it's good and not find out until
the day I'm forced to.

Nico
-- 

