[Cryptography] Is ASN.1 still the thing?

Carl Wallace carl at redhoundsoftware.com
Wed Nov 15 21:15:53 EST 2017

On 11/15/17, 7:53 PM, "cryptography on behalf of Nico Williams"
<cryptography-bounces+carl=redhoundsoftware.com at metzdowd.com on behalf of
nico at cryptonector.com> wrote:

>On Wed, Nov 15, 2017 at 04:00:54PM -0800, Bill Frantz wrote:
>> Back when I was working on the Simple Public Key Infrastructure (SPKI)
>> at the IETF, Carl Ellison had very strong complaints about ASN.1's signing
>> protocols. He told me that to follow the standard, when you received a
>> message, you broke it down into the native formats of your computer, and
>> then re-encoded it before checking the signature. This procedure failed
>> miserably when the two computers used different floating point formats:
>> IBM 370 and IBM PC.
>Well, X.509/PKIX does suck this way in that it says to use DER for
>computing signatures, but doesn't say to use DER for the actual
>TBSCertificate as issued.  This means that you do have to decode and
>re-encode in order to verify signatures.  That's _PKIX_'s fault, not
>DER's.  (In practice I suspect all issuers only use DER anyways.)

You do not have to decode and re-encode. You can parse enough to verify
the signature then continue parsing the TBSCertificate structure. I tend
to doubt many implementations re-encode because that will fail too often
if you try that approach. I am curious, has anyone ever seen a certificate
that was presented with a BER encoded TBSCertificate structure that
required DER re-encoding to verify? I have not, but I have seen structures
that will not verify if you re-encode.
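
The approach described in the message above, as an added example that is not part of the original post: walk only the outer tag/length headers of a Certificate and hash the TBSCertificate bytes exactly as received, never re-encoding them. The sample bytes are constructed (not a real certificate), SHA-256 stands in for whatever the signature algorithm specifies, and only definite-length encodings are handled.

```python
import hashlib

def read_tlv(buf, off):
    """Return (tag, content_start, end) for the TLV at off; definite lengths only."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first, pos = buf[off], buf[off + 1], off + 2
    if tag & 0x1F == 0x1F or first == 0x80:
        raise ValueError("high tag numbers / indefinite length not handled here")
    if first < 0x80:
        length = first                      # short form
    else:
        n = first & 0x7F                    # long form: n length octets follow
        if pos + n > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("content runs past buffer")
    return tag, pos, pos + length

def split_certificate(cert):
    """Return (tbs_raw, sig_alg_raw, signature) as untouched slices of the input."""
    tag, start, end = read_tlv(cert, 0)
    if tag != 0x30 or end != len(cert):
        raise ValueError("not a single outer SEQUENCE")
    t_tag, _, t_end = read_tlv(cert, start)        # TBSCertificate
    a_tag, _, a_end = read_tlv(cert, t_end)        # signatureAlgorithm
    s_tag, s_start, s_end = read_tlv(cert, a_end)  # signatureValue BIT STRING
    if (t_tag, a_tag, s_tag) != (0x30, 0x30, 0x03) or s_end != end:
        raise ValueError("unexpected Certificate layout")
    if s_end == s_start or cert[s_start] != 0:
        raise ValueError("signature BIT STRING must have 0 unused bits")
    return cert[start:t_end], cert[t_end:a_end], cert[s_start + 1:s_end]

def signed_digest(cert):
    """Digest of the TBSCertificate bytes as transmitted (header included)."""
    tbs, _, _ = split_certificate(cert)
    return hashlib.sha256(tbs).hexdigest()

# Constructed sample: the TBS length uses the long form 0x81 0x03, which BER
# allows and DER forbids. The inner fields are toy values.
SAMPLE = bytes.fromhex("300f" "308103020105" "30020500" "030300aabb")
# What a decode-and-re-encode step would emit for the same TBS content.
DER_REENCODED_TBS = bytes.fromhex("3003020105")

if __name__ == "__main__":
    print("as received :", signed_digest(SAMPLE))
    print("re-encoded  :", hashlib.sha256(DER_REENCODED_TBS).hexdigest())
```

The two digests differ, so a signature computed by the issuer over the bytes as sent would not verify against the re-encoded form.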
