[Cryptography] Is ASN.1 still the thing?
thierry.moreau at connotech.com
Mon Nov 27 07:33:12 EST 2017

On 27/11/17 04:34 AM, James A. Donald wrote:
> One of the reasons we have far too many serialization protocols is that
> we don't need a serialization protocol at all. We don't want to
> serialize arbitrary data, because the whole point of serializing data is
> so that someone else can deserialize that data. And he does not want to
> deserialize arbitrary data. He wants to deserialize particular message
> types known in advance.
>
> So, a serialization protocol needs to be part of, and an afterthought
> to, a message type negotiation that occurs when forming a connection,
> the sockets and protocol negotiation when forming a connection. The two
> ends need to agree on a set of known message types that cannot represent
> arbitrary data, but can only represent a small set of object types known
> in advance to both ends at compile time.

This is an incomplete picture.

A digital signature needs serialization. The relying parties do not
negotiate with the signatory prior to the signing operation when the
signature is for a more-than-transient data life span. E.g. a certificate.