Binary vs. ASCII for certificates

A few small comments:

(1) I can imagine certificates containing intrinsically non-textual data
    (most particularly, it might be nice to have an image of the person
    whose key it is).

(2) I agree that for public-key operations, the extra cost of parsing
    an ASCII-formatted certificate is probably negligible, compared to
    the cost of performing the associated public-key operations.  

(3) It perhaps should not be overlooked that ASN.1 does not necessarily 
    require "binary" encodings.  It would be a simple matter to define
    "AER" (Ascii encoding rules) for ASN.1 that might be preferable for
    some purposes to the BER/DER encodings.  However, such encodings would,
    if they are in the true spirit of ASN.1, still be missing the mnemonic
    labels identifying the parts, and might still be rather complicated
    to parse.  Still, some such encoding rule might be a useful adjunct to the
    X.509 certificate procedures.

    A related question is whether the ASCII certificate that is not intended
    to be a representation of some X.509 certificate is nonetheless 
    representable in a satisfactory manner (and more strongly, automatically
    transformable into) some "equivalent" X.509 certificate.  (And, of 
    course, whether this is wanted...)

(4) One must be careful to define what bytes are actually "present" in an
    ASCII encoding, since the contents will be digitally signed.  The 
    treatment of whitespace, etc., needs to be carefully specified.

        Ron Rivest
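
Point (4) above, shown as an added example that is not part of the original message: a text certificate is reduced to canonical bytes before signing, so a copy whose whitespace was altered in transit still verifies while a copy with changed content does not. The label/value format, the canonicalization rules, the sample data, and the use of HMAC-SHA256 as a stand-in for a public-key signature are all assumptions made for this sketch.

```python
import hashlib
import hmac
import re

DEMO_KEY = b"constructed-demo-key"  # assumption: stands in for the signer's key


def canonicalize(raw: bytes) -> bytes:
    """Reduce a text certificate to the exact bytes that are signed.

    Assumed rules: ASCII only; CRLF and CR become LF; runs of spaces and
    tabs collapse to one space; leading/trailing spaces and blank lines are
    dropped; the result ends with exactly one LF.
    """
    text = raw.decode("ascii")  # raises UnicodeDecodeError on non-ASCII bytes
    lines = []
    for line in text.replace("\r\n", "\n").replace("\r", "\n").split("\n"):
        line = re.sub(r"[ \t]+", " ", line).strip(" ")
        if line:
            lines.append(line)
    return ("\n".join(lines) + "\n").encode("ascii")


def sign(data: bytes) -> bytes:
    """Tag over the given bytes (HMAC here; a real scheme would use a signature)."""
    return hmac.new(DEMO_KEY, data, hashlib.sha256).digest()


def verify_raw(received: bytes, tag: bytes) -> bool:
    """Verify over the bytes exactly as received, with no canonicalization."""
    return hmac.compare_digest(sign(received), tag)


def verify_canonical(received: bytes, tag: bytes) -> bool:
    """Verify over the canonical form; input that cannot be canonicalized fails."""
    try:
        canon = canonicalize(received)
    except UnicodeDecodeError:
        return False
    return hmac.compare_digest(sign(canon), tag)


# Constructed samples: the issued text, the same text after a relay changed
# line endings and spacing, and a copy whose content was changed.
ISSUED = b"Subject: Alice Example\nKey-Type: RSA\nValid-Until: 1997-12-31\n"
RELAYED = b"Subject:  Alice Example \r\nKey-Type:\tRSA\r\n\r\nValid-Until: 1997-12-31\r\n"
TAMPERED = b"Subject: Mallory Example\nKey-Type: RSA\nValid-Until: 1997-12-31\n"

if __name__ == "__main__":
    tag = sign(canonicalize(ISSUED))
    print("relayed, raw bytes:      ", verify_raw(RELAYED, tag))
    print("relayed, canonical bytes:", verify_canonical(RELAYED, tag))
    print("tampered, canonical:     ", verify_canonical(TAMPERED, tag))
```

Collapsing whitespace is only safe if no field's meaning depends on it; a format that allows significant whitespace in values needs quoting or escaping rules in the canonical form.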