[Cryptography] Is ASN.1 still the thing?

Christian Huitema huitema at huitema.net
Sun Nov 26 00:49:19 EST 2017

On 11/25/2017 7:57 PM, Nico Williams wrote:

> Are you referring to the EXPLICIT keyword?
> Explicit tagging -> TLV nesting.  I.e., TLV' where V' is the underlying
> TLV, so: TLTLV.
> That's right: extra redundantly and ridiculously wasteful.

The problem is the combination of EXPLICIT and DEFAULT. The spec:

        version [0] EXPLICIT Version DEFAULT v1

Normally encodes something like <T=[0], L=..., V = { T="version", L=...,
V= NNN }>, but in the case where V=v1, you get three plausible encodings:

1) nothing
2) <T=[0], L=..., V = { T="version", L=..., V=v1 }>
3) <T=[0], L=0>

Arguably, sensible IDL syntaxes should not have anything like the
EXPLICIT clause. It is just overhead, and generates puzzling situations
like the one above. But then, ASN.1 used to allow

        extension-1 [1] EXPLICIT ANY

Which makes for powerful constructs. Or powerful foot guns, depending on how
you look at it.

-- Christian Huitema
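
The three encodings listed in the message above, as an added example that is not part of the original post: a small Python classifier that tells them apart inside a SEQUENCE. It assumes Version is an INTEGER with v1 = 0 (as in X.509); the helper names (`read_tlv`, `classify_version`, `wrap`) and the trailing INTEGER field are constructed for illustration.

```python
# Added example: classify how "version [0] EXPLICIT Version DEFAULT v1" was encoded.
# Tags per X.690: 0x30 = SEQUENCE, 0xA0 = [0] constructed, 0x02 = INTEGER.

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length TLV with a one-byte tag."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length == 0x80:
        raise ValueError("indefinite length not supported")
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def classify_version(der):
    """Classify the optional leading [0] EXPLICIT INTEGER DEFAULT 0 of a SEQUENCE."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    if not body or body[0] != 0xA0:
        return "absent"            # encoding 1: default omitted, the only valid DER form
    _, inner, _ = read_tlv(body)
    if not inner:
        return "empty-wrapper"     # encoding 3: [0] with L=0, no inner TLV at all
    itag, ival, iend = read_tlv(inner)
    if itag != 0x02 or iend != len(inner) or not ival:
        return "malformed"
    version = int.from_bytes(ival, "big", signed=True)
    return "explicit-default" if version == 0 else f"explicit:{version}"  # encoding 2 when 0

SERIAL = bytes.fromhex("020105")   # constructed: INTEGER 5 standing in for the next field
def wrap(version_bytes):
    body = version_bytes + SERIAL
    return bytes([0x30, len(body)]) + body

SAMPLES = {                        # constructed encodings of the version field
    "1": b"",
    "2": bytes.fromhex("a003020100"),
    "3": bytes.fromhex("a000"),
    "v3": bytes.fromhex("a003020102"),
}

if __name__ == "__main__":
    for name, enc in SAMPLES.items():
        print(name, wrap(enc).hex(), "->", classify_version(wrap(enc)))
```

A DER-strict consumer would accept only "absent" for v1, since DER forbids encoding a component equal to its DEFAULT; a BER consumer may also see "explicit-default", so signature checks must run over the bytes as received rather than a re-encoding.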
