[Cryptography] Is ASN.1 still the thing?

John-Mark Gurney jmg at funkthat.com
Sat Nov 25 02:52:55 EST 2017

Peter Gutmann wrote this message on Fri, Nov 17, 2017 at 10:17 +0000:
> Santosh Chokhani <santosh.chokhani at gmail.com> writes:
> >Wow.  That is magic.  Do not decode a certificate but verify signature and
> >extract fields.
> How about "do a string search through the encoded cert data until you find the
> OID for the public key, then extract the key components from the bytes that
> follow and use those".  That's what you get when the spec mandates the use of
> a full-blown PKI and the target hardware is a Cortex M0 or an MSP430.

I really hope that's not the case, because if it doesn't fully parse
all the leading data, you are now open to a packet-in-packet style attack.

  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

More information about the cryptography mailing list