[Cryptography] Is ASN.1 still the thing?
Nico Williams
nico at cryptonector.com
Wed Nov 15 19:53:19 EST 2017
On Wed, Nov 15, 2017 at 04:00:54PM -0800, Bill Frantz wrote:
> Back when I was working the the Simple Public Key Infrastructure (SPKI) with
> the IETF, Carl Ellison had very strong complaints about ASN.1's signing
> protocols. He told me that to follow the standard, when you received a
> message, you broke it down into the native formats of your computer, and
> then re-encoded it before checking the signature. This procedure failed
> miserably when the two computers used different floating point formats: e.g.
> IBM 370 and IBM PC.
Well, x.509/PKIX does suck this way in that it says to use DER for
computing signatures, but doesn't say to use DER for the actual
TBSCertificate as issued. This means that you do have to decode and
re-encode in order to verify signatures. That's _PKIX_'s fault, not
DER's. (In practice I suspect all issues only use DER anyways.)
You could say that having as much rope as N>1 encoding rules to choose
from is the problem, but we were always bound to have a multiplicity of
encoding rules. Picking from among those is like picking from among
those and XDR and PB and XML and JSON/CBOR/BSON/whatever -- pick
wisely!
As to the issues with Real values not round-tripping, well, x.509 does
not use Real, so I'm not sure what he meant. Maybe SPKI did??
And yes, in general, one cannot expect anything other than smallish
integers (32- or 64-bit, signed or unsigned) to round-trip. This issue
comes up all the time in many open source communities I participate in,
such as jq or SQLite3. People are always surprised by IEEE754 issues.
Nico
--
More information about the cryptography
mailing list