[Cryptography] Is ASN.1 still the thing?

Jason Cooper cryptography at lakedaemon.net
Wed Nov 15 11:28:44 EST 2017


Hi Peter,

On Wed, Nov 15, 2017 at 01:18:39AM +0000, Peter Gutmann wrote:
> Jason Cooper <cryptography at lakedaemon.net> writes:
> 
> >But the fact is, DER was never intended for stream parsing/encoding.
> 
> Exactly, and that's why BER exists.  So saying "ASN.1 isn't streamable" is,
> apart from the technical incorrectness (it's a notation, not an encoding
> format), also wrong because BER was specifically designed to be streamable.

Yes, I misspoke.  "_x509_ with binary attributes, and hence DER, isn't
designed to be parsed while streaming."  Which, for our use case, makes
it very difficult to a) stream decode on constrained devices, and b)
stream decode efficiently on server-side.

Now, the read-as-BER hack permits stream decoding of x509 in both cases.

Encoding, on the other hand, still requires assembling the whole DER in
memory to encode.  Which doesn't work for constrained devices, and is
inefficient for servers.

thx,

Jason.
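
The encode/decode asymmetry discussed in this message, as an added Python example (not code from the thread or from any project mentioned in it). A DER SEQUENCE needs its content length before the first byte goes out, a BER indefinite-length SEQUENCE does not, and one incremental reader handles both. All function names and the sample data are constructed for illustration, and only single-byte tags are handled.

```python
def der_len(n):  # DER definite length: short form below 128, else long form
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der_sequence(children):
    # The length precedes the contents, so all children are buffered first.
    body = b"".join(children)
    return b"\x30" + der_len(len(body)) + body

def ber_sequence_stream(children):
    # Indefinite length: 30 80, children as they arrive, then 00 00.
    yield b"\x30\x80"
    yield from children
    yield b"\x00\x00"

def walk(stream, events, limit=None, depth=0):
    # Incremental BER reader (DER is a subset); single-byte tags only.
    used = 0
    while limit is None or used < limit:  # None: until EOF or 00 00
        hdr = stream.read(2)
        if len(hdr) < 2:
            if depth == 0 and not hdr:
                return used
            raise ValueError("truncated input")
        tag, first = hdr
        used += 2
        if limit is None and (tag, first) == (0, 0):
            return used  # end-of-contents octets
        length = None if first == 0x80 else first
        if first > 0x80:  # long form: low 7 bits count the length octets
            n = first & 0x7F
            if n > 4:
                raise ValueError("length field too large")
            length = int.from_bytes(stream.read(n), "big")
            used += n
        events.append((depth, tag, length))
        if tag & 0x20:  # constructed: descend without reading the body
            used += walk(stream, events, length, depth + 1)
            continue
        if length is None or len(stream.read(length)) != length:
            raise ValueError("bad primitive length")
        used += length  # a real consumer would process the value in chunks
    if limit is not None and used != limit:
        raise ValueError("child overruns parent length")
    return used

# Constructed sample: INTEGER 5 and a 200-byte all-zero OCTET STRING
CHILDREN = [b"\x02\x01\x05", b"\x04\x81\xc8" + bytes(200)]
```

`walk` takes any object with a `read(n)` method, such as `io.BytesIO` or a socket file object, and appends `(depth, tag, length)` tuples to `events`, with `length` set to `None` for indefinite-length elements.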

