Re: comments on client auth
I agree that writing a DER dumper is not very hard. A DER encoder is
a complete pain in the butt.
This is because DER uses fixed-length recursive encodings: before writing the
first byte of the message it is necessary to analyse the entire message.
Consider the structure :-
    struct {
        integer a
        struct {
            integer b
            integer c
        }
    }
This is translated into tag-length-value as follows:
    TAG-STRUCT length (struct length (a) +
                       length (struct + length (b) + length (c)))
        TAG-INTEGER length (a) a
        TAG-STRUCT length (struct + length (b) + length (c))
            TAG-INTEGER length (b) b
            TAG-INTEGER length (c) c
I.e. to calculate the length of the outer wrapper one must first encode the inner
content. This is a pain; it is impossible to do it with a linear traversal of
the structure.
Plus the length of length items is itself variable, so it's all a lot of hard
work.
I know that there are ASN.1 supporters, but having written code myself and found
the spec to be badly thought out, the documentation badly organised and the
architecture needlessly complex, I'm not amongst them.
Phill
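Added example, not code from the post or its author: a minimal DER encoder for the nested structure described above, SEQUENCE { INTEGER a, SEQUENCE { INTEGER b, INTEGER c } }, plus a small dumper for the easy direction. It makes the two complaints concrete: each SEQUENCE can only be written after all of its children have been encoded (inner first), and the length field itself switches between short and long form at 128 bytes. Function names, tag constants and the sample values are assumptions of this example; only the nesting shape comes from the message.

```python
# Added example (not from the original message): DER definite-length encoding
# of SEQUENCE { INTEGER a, SEQUENCE { INTEGER b, INTEGER c } }.
# Tag values are the standard universal tags; everything else is constructed here.

TAG_INTEGER = 0x02   # universal tag: INTEGER
TAG_SEQUENCE = 0x30  # universal tag: SEQUENCE (constructed bit 0x20 set)


def encode_length(n: int) -> bytes:
    """DER length octets: short form (one byte) below 128, otherwise
    0x80 | byte-count followed by the minimal big-endian count.
    This is why 'the length of length items is itself variable'."""
    if n < 0:
        raise ValueError("negative length")
    if n < 0x80:
        return bytes([n])
    count = (n.bit_length() + 7) // 8
    return bytes([0x80 | count]) + n.to_bytes(count, "big")


def encode_integer(value: int) -> bytes:
    """TLV for INTEGER with minimal two's-complement content octets."""
    if value == 0:
        content = b"\x00"
    else:
        nbytes = (value.bit_length() + 8) // 8  # +8 leaves room for the sign bit
        content = value.to_bytes(nbytes, "big", signed=True)
        # drop redundant leading 0x00 / 0xFF while the sign bit stays intact
        while len(content) > 1 and (
            (content[0] == 0x00 and content[1] < 0x80)
            or (content[0] == 0xFF and content[1] >= 0x80)
        ):
            content = content[1:]
    return bytes([TAG_INTEGER]) + encode_length(len(content)) + content


def encode_sequence(*elements: bytes) -> bytes:
    """TLV for SEQUENCE. The children must already be encoded: the outer
    length is unknown until every inner element exists, so the first byte
    of the message cannot be emitted by a single linear pass."""
    content = b"".join(elements)
    return bytes([TAG_SEQUENCE]) + encode_length(len(content)) + content


def encode_post_structure(a: int, b: int, c: int) -> bytes:
    """SEQUENCE { INTEGER a, SEQUENCE { INTEGER b, INTEGER c } }, inner first."""
    inner = encode_sequence(encode_integer(b), encode_integer(c))
    return encode_sequence(encode_integer(a), inner)


def dump(der: bytes, depth: int = 0) -> list:
    """Minimal DER dumper (single-byte universal tags only): returns a list
    of (depth, tag, length) tuples, descending into constructed elements."""
    out, i = [], 0
    while i < len(der):
        tag = der[i]
        first = der[i + 1]
        i += 2
        if first < 0x80:
            length = first
        else:
            count = first & 0x7F
            length = int.from_bytes(der[i:i + count], "big")
            i += count
        out.append((depth, tag, length))
        if tag & 0x20:  # constructed: recurse into the content octets
            out.extend(dump(der[i:i + length], depth + 1))
        i += length
    return out


if __name__ == "__main__":
    der = encode_post_structure(1, 2, 3)
    print(der.hex())           # 300b0201013006020102020103
    for depth, tag, length in dump(der):
        print("  " * depth + f"tag=0x{tag:02x} len={length}")
```

Encoding a large b (for instance 2**1040) pushes the inner INTEGER, the inner SEQUENCE and the outer SEQUENCE all past 127 content bytes, so every enclosing length field flips to the two-byte long form; the dumper reads both forms, which is the easier half of the job the post refers to.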