[Cryptography] Is ASN.1 still the thing?

Thierry Moreau thierry.moreau at connotech.com
Mon Nov 27 07:33:12 EST 2017


On 27/11/17 04:34 AM, James A. Donald wrote:
> One of the reasons we have far too many serialization protocols is that
> we don't need a serialization protocol at all.  We don't want to
> serialize arbitrary data, because the whole point of serializing data is
> so that someone else can deserialize that data.  And he does not want to
> deserialize arbitrary data.  He wants to deserialize particular message
> types known in advance.
>
> So, a serialization protocol needs to be part of, and an afterthought
> to, a message type negotiation that occurs when forming a connection,
> the sockets and protocol negotiation when forming a connection.  The two
> ends need to agree on a set of known message types that cannot represent
> arbitrary data, but can only represent a small set of object types known
> in advance to both ends at compile time.
>

This is an incomplete picture.

A digital signature needs serialization. The relying parties do not 
negotiate with the signatory prior to the signing operation when the 
signature is for a more-than-transient data life span. E.g. a certificate.

- Thierry
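
Added illustration, not part of the original message or of any project's code: a relying party handed only signed bytes, with no channel to the signer, parses a self-describing DER encoding and insists on the one canonical form before hashing it. Assumptions: a three-type DER subset, a constructed sample record, and a SHA-256 digest standing in for the input to the signature algorithm; the signature operation itself is not shown.

```python
import hashlib

TAG_INT, TAG_UTF8, TAG_SEQ = 0x02, 0x0C, 0x30   # DER subset used in this sketch
SAMPLE_TBS = [4097, "CN=example.test", "20301231235959Z"]  # constructed: serial, subject, expiry

def der_length(n):
    # DER permits one length form: short below 128, else the shortest long form.
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw

def der_encode(value):
    """Encode a non-negative int, a str, or a list of those; one value, one encoding."""
    if isinstance(value, int):
        tag, body = TAG_INT, value.to_bytes(value.bit_length() // 8 + 1, "big")
    elif isinstance(value, str):
        tag, body = TAG_UTF8, value.encode("utf-8")
    else:
        tag, body = TAG_SEQ, b"".join(der_encode(v) for v in value)
    return bytes([tag]) + der_length(len(body)) + body

def der_decode(data, pos=0):
    """Parse one tag-length-value item; the tags alone say what each field is."""
    tag, first, pos = data[pos], data[pos + 1], pos + 2
    length = first
    if first >= 0x80:
        n = first & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        if n == 0 or data[pos] == 0 or length < 0x80:
            raise ValueError("length is not in DER minimal form")
        pos += n
    end = pos + length
    if end > len(data) or tag not in (TAG_INT, TAG_UTF8, TAG_SEQ):
        raise ValueError("truncated or unsupported item")
    if tag == TAG_SEQ:
        items = []
        while pos < end:
            item, pos = der_decode(data, pos)
            items.append(item)
        return items, end
    body = data[pos:end]
    return (int.from_bytes(body, "big") if tag == TAG_INT else body.decode("utf-8")), end

def relying_party_check(signed_bytes):
    """Signer unreachable: parse, insist on the canonical form, hash what was signed."""
    fields, end = der_decode(signed_bytes)
    if end != len(signed_bytes) or der_encode(fields) != signed_bytes:
        raise ValueError("bytes are not the canonical encoding")
    return fields, hashlib.sha256(signed_bytes).hexdigest()
```
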
