[Cryptography] Is ASN.1 still the thing?

Nico Williams nico at cryptonector.com
Fri Nov 17 16:02:39 EST 2017

On Fri, Nov 17, 2017 at 12:36:09PM -0800, Watson Ladd wrote:
> If your serialization doesn't know about floats, it won't work with
> floats. If your source and destination are using different
> representations why on earth would you expect that to work?

IEEE754 is not all that exists as to floating point number
representation.  There are others.  JSON, encoding rules for ASN.1, and
so on, generally try not to be constrained by IEEE754 -- they might not
even mention it.  RFC7159 mentions this issue, and that's it -- no MUST,

> What should be the case, is that your destination gets the closest
> representable approximation to what your source wrote. But that won't
> round trip: how could it?


For security protocols this should be a non-issue though: we don't use
real numbers.  But someone said they were advised to stay away from
ASN.1 because of this issue when designing SPKI -- that's just nonsense :/

More information about the cryptography mailing list