[Cryptography] Is ASN.1 still the thing?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Nov 26 02:49:12 EST 2017


Florian Weimer <fw at deneb.enyo.de> writes:

>as someone who has never been formally trained in the ASN.1 arts

That's OK, it's never stopped a lot of RFC authors either :-).

>The problem is this:
>
>        version         [0]  EXPLICIT Version DEFAULT v1,
>
>which has a funny impact on the encoding, which turns out rather irregular at
>this point.

What's the funny impact?  The EXPLICIT tag means that instead of the [0]
overriding the INTEGER, you put a [0] before the INTEGER tag.

What is odd is that it's made an EXPLICIT tag in the first place, since the
only thing this tells you is that the author wanted to waste two bytes in each
certificate.  That and the fact that later tags are a random mixture of
IMPLICIT and EXPLICIT indicates that this may be one of those RFCs (or at
least ISO specs) where at least some of the authors didn't know ASN.1 (there
are several PKIX RFCs where this is literally the case).

And that's now a completely different issue, the fact that the determined
programmer can write FORTRAN in any language.  In the case of data formats,
you can create a mess using any type of notation you feel like.  Look at the
TLS extension RFC, for example, and try and guess which extensions were
defined by PKI people trying to turn whatever the TLS encoding is called into
ASN.1...

For a longer discussion of this problem, see the "ASN.1 Design Guidelines" of
the X.509 style guide, including this gem of how to encode a URL:

  SEQUENCE { [0] { [0] { SEQUENCE { [6] "http://.." } } } }

Peter.
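As an added illustration (not part of Gutmann's post), the following Python shows what the EXPLICIT tag on the TBSCertificate version field does on the wire: the constructed [0] wraps the whole INTEGER TLV instead of replacing its tag, which is where the two extra bytes come from, and the DEFAULT means v1 is omitted entirely. The helper names are mine; the strict parser also rejects an explicitly encoded v1, which DER (X.690 11.5) forbids for a DEFAULT value but lenient decoders often accept.

```python
# Added example: DER encoding of "version [0] EXPLICIT Version DEFAULT v1".
# Function names are the author's own, not from any library.

def der_length(n: int) -> bytes:
    """Encode a DER length (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_integer(value: int) -> bytes:
    """DER INTEGER for non-negative values (minimal two's-complement body)."""
    if value < 0:
        raise ValueError("non-negative values only")
    body = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big")
    return b"\x02" + der_length(len(body)) + body

def version_explicit(version: int) -> bytes:
    """EXPLICIT: v1 (0) is omitted because it is the DEFAULT; otherwise the
    constructed context tag [0] (0xA0) wraps the complete INTEGER TLV."""
    if version == 0:
        return b""
    inner = der_integer(version)
    return b"\xa0" + der_length(len(inner)) + inner

def version_implicit(version: int) -> bytes:
    """What IMPLICIT tagging would have produced: the primitive context tag
    [0] (0x80) replaces the INTEGER tag, saving two bytes per certificate."""
    if version == 0:
        return b""
    return b"\x80" + der_integer(version)[1:]

def parse_version(tbs: bytes) -> tuple[int, bytes]:
    """Strictly read the optional version at the start of TBSCertificate
    content; returns (version, remaining bytes). Absent field means v1."""
    if not tbs or tbs[0] != 0xA0:
        return 0, tbs
    outer_len = tbs[1]
    inner = tbs[2:2 + outer_len]
    if outer_len == 0 or outer_len >= 0x80 or len(inner) != outer_len:
        raise ValueError("bad [0] length")
    if inner[0] != 0x02 or inner[1] == 0 or 2 + inner[1] != len(inner):
        raise ValueError("expected a single INTEGER inside [0]")
    content = inner[2:]
    if content[0] & 0x80 or (len(content) > 1 and content[0] == 0 and content[1] < 0x80):
        raise ValueError("negative or non-minimal INTEGER")
    version = int.from_bytes(content, "big")
    if version == 0:
        raise ValueError("DEFAULT value v1 must be omitted in DER")
    return version, tbs[2 + outer_len:]
```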