[Cryptography] [FORGED] Re: Is ASN.1 still the thing?

Erwann ABALEA erwann at abalea.com
Wed Nov 15 16:32:15 EST 2017


2017-11-15 22:03 GMT+01:00 Nico Williams <nico at cryptonector.com>:

> On Wed, Nov 15, 2017 at 09:52:13PM +0100, Erwann ABALEA wrote:
> > 2017-11-15 18:10 GMT+01:00 Nico Williams <nico at cryptonector.com>:
> > > Mind you, just using BER/DER/CER is not sufficient, since a decoder is
> > > free to produce an error when it sees unexpected SEQUENCE fields.  And
> > > for CHOICEs and SETs the extensibility markers are even more important.
> >
> > A decoder doing that wouldn't be compliant. X.690 Clause 8.1.1.4 forbids
> > it.
> >
> > [...]
> >
> > The clause is present (without the NOTE) in the 1997 edition of the
> > standard.
>
> Right, but IIRC it was not in the 1984 version, or there were such
> implementations back then.  And in any case, non-TLV encodings like PER
> require knowledge of extensibility markers, thus they were added.
>

Right. X.208 didn't have anything about extensibility, it was added in
X.680 1997 edition (in fact it was introduced as an amendment in 1995).
X.690 1994 edition obviously didn't contain anything about extensibility.

Reading X.509, only the 2 or 3 latest editions (of X.509v3) have
extensibility declared. That is, the type TBSCertificate has seen added
elements (2 identifiers in v2, and the extensions in v3), but this type has
been redefined only recently to include the extensibility markers (and
misplaced version markers).


> IIRC ASN.1's creators never expected to add something like PER, but they
> did it because of complaints from the IETF crowd about the silliness of
> TLV encodings, about the superiority of "bits on the wire" specs to TLV.
>

X.209 (the ancestor of X.690) only defined BER, not even DER.


> The IETF participants who complained were right, and the ITU-T was right
> to respond by adding PER.  (Which goes to show that the ASN.1 community
> was and probably still is responsive.)
>

It still is, as OER is pretty recent, and JSER should be finalized shortly.
ASN.1 is far from being dead :)

-- 
Erwann.
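
The decoder behaviour debated in this message, as an added example that is not part of the original e-mail or of any ASN.1 library: a minimal definite-length TLV reader for `SEQUENCE { a INTEGER, b INTEGER }` with a strict mode that errors on unexpected trailing fields and a tolerant mode that skips them using only the length octets. The schema, function names and sample bytes are constructed for illustration.

```python
# Added illustration; the two-INTEGER schema and the sample bytes are constructed.
SEQUENCE, INTEGER = 0x30, 0x02

def read_tlv(buf, pos=0):
    """Parse one definite-length TLV with a single-byte tag; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags not handled in this sketch")
    if length == 0x80:
        raise ValueError("indefinite length not handled in this sketch")
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:end], end

def decode_pair(encoded, tolerant):
    """Decode SEQUENCE { a INTEGER, b INTEGER }; return (a, b, skipped_element_count)."""
    tag, body, end = read_tlv(encoded)
    if tag != SEQUENCE or end != len(encoded):
        raise ValueError("expected exactly one SEQUENCE")
    fields, pos = [], 0
    for name in ("a", "b"):
        tag, value, pos = read_tlv(body, pos)
        if tag != INTEGER:
            raise ValueError(f"field {name}: expected INTEGER")
        fields.append(int.from_bytes(value, "big", signed=True))
    skipped = 0
    while pos < len(body):                 # elements a newer schema version appended
        if not tolerant:
            raise ValueError("unexpected trailing element")
        _, _, pos = read_tlv(body, pos)    # the length octets alone let us step over it
        skipped += 1
    return fields[0], fields[1], skipped

V1 = bytes.fromhex("3006020101020102")        # constructed: a=1, b=2
V2 = bytes.fromhex("3009020101020102040158")  # constructed: same, plus an OCTET STRING
```

The tolerant path needs no schema knowledge to skip the added element because each TLV carries its own length, which is the property a non-TLV encoding such as PER lacks.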