[Cryptography] Is ASN.1 still the thing?

Bill Frantz frantz at pwpconsult.com
Sat Nov 18 14:57:08 EST 2017

On 11/17/17 at 1:02 PM, nico at cryptonector.com (Nico Williams) wrote:

>For security protocols this should be a non-issue though: we don't use
>real numbers.  But someone said they were advised to stay away from
>ASN.1 because of this issue when designing SPKI -- that's just nonsense :/

It may be nonsense, but Carl Ellison was severely burned by this 
issue on a project before we started developing the SPKI spec. 
That experience, along with the large number of security flaws 
in ASN.1 implementations, made him hate ASN.1. Since he was a 
principle author of SPKI, we followed his wish to avoid ASN.1 
like the plague. That's the history.

Cheers - Bill

Bill Frantz        |The nice thing about standards| Periwinkle
(408)356-8506      |is there are so many to choose| 16345 
Englewood Ave
www.pwpconsult.com |from.   - Andrew Tanenbaum    | Los Gatos, 
CA 95032

More information about the cryptography mailing list