Binary vs. ASCII for certificates
A few small comments:
(1) I can imagine certificates containing intrinsically non-textual data
(most particularly, it might be nice to have an image of the person
whose key it is).
(2) I agree that for public-key operations, the extra cost of parsing
an ASCII-formatted certificate is probably negligible, compared to
the cost of performing the associated public-key operations.
(3) It perhaps should not be overlooked that ASN.1 does not necessarily
require "binary" encodings. It would be a simple matter to define
"AER" (Ascii encoding rules) for ASN.1 that might be preferable for
some purposes to the BER/DER encodings. However, such encodings would,
if they are in the true spirit of ASN.1, still be missing the mnemonic
labels identifying the parts, and might still be rather complicated
to parse. Still, some such encoding rule might be a useful adjunct to the
X.509 certificate procedures.
A related question is whether the ASCII certificate that is not intended
to be a representation of some X.509 certificate is nonetheless
representable in a satisfactory manner (and more strongly, automatically
transformable into) some "equivalent" X.509 certificate. (And, of
course, whether this is wanted...)
(4) One must be careful to define what bytes are actually "present" in an
ASCII encoding, since the contents will be digitally signed. The
treatment of whitespace, etc., needs to be carefully specified.
Cheers,
Ron Rivest
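
Point (4) above, as an added example that is not part of the original message: a signer and a verifier must hash the same bytes, so the text form is reduced to a canonical byte string before digesting. The field names, sample certificate text and whitespace rules below are assumptions chosen for illustration, not a format defined in this thread.

```python
import hashlib

# Constructed sample: one hypothetical ASCII certificate as two mail systems
# might deliver it (CRLF vs LF, trailing blanks, tab vs spaces, a blank line).
CERT_AS_SENT = (
    "subject: Alice Example\r\n"
    "key-algorithm: RSA\r\n"
    "valid-until: 1997-01-01\r\n"
)
CERT_AS_RECEIVED = (
    "subject:   Alice Example  \n"
    "key-algorithm:\tRSA\n"
    "\n"
    "valid-until: 1997-01-01\n"
)


def canonical_bytes(text: str) -> bytes:
    """Return the bytes that are "present" for signing purposes.

    Assumed rule set (not from the message): accept any line ending,
    collapse each whitespace run to a single space, strip both ends of
    every line, drop empty lines, join with LF, end with exactly one LF.
    Non-ASCII input is rejected rather than silently re-encoded.
    """
    lines = []
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if line:
            lines.append(line)
    return ("\n".join(lines) + "\n").encode("ascii")


def raw_digest(text: str) -> str:
    """Digest of the bytes exactly as transported (what a naive signer hashes)."""
    return hashlib.sha256(text.encode("ascii")).hexdigest()


def canonical_digest(text: str) -> str:
    """Digest of the canonical form; this is the value to sign and to verify."""
    return hashlib.sha256(canonical_bytes(text)).hexdigest()


if __name__ == "__main__":
    print("raw digests match:      ", raw_digest(CERT_AS_SENT) == raw_digest(CERT_AS_RECEIVED))
    print("canonical digests match:", canonical_digest(CERT_AS_SENT) == canonical_digest(CERT_AS_RECEIVED))
```

Under these rules whitespace runs inside a value are not significant, so any field where spacing carries meaning would need an explicit quoting rule in the specification.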