[Cryptography] Is ASN.1 still the thing?

James A. Donald jamesd at echeque.com
Sun Nov 26 23:34:57 EST 2017


One of the reasons we have far too many serialization protocols is that 
we don't need a serialization protocol at all.  We don't want to 
serialize arbitrary data, because the whole point of serializing data is 
so that someone else can deserialize that data.  And he does not want to 
deserialize arbitrary data.  He wants to deserialize particular message 
types known in advance.

So, a serialization protocol needs to be part of, and an afterthought 
to, a message type negotiation that occurs when forming a connection, 
the sockets and protocol negotiation when forming a connection.  The two 
ends need to agree on a set of known message types that cannot represent 
arbitrary data, but can only represent a small set of object types known 
in advance to both ends at compile time.




---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus



More information about the cryptography mailing list