[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: certificate translation

> From: Carl Ellison <cme@cybercash.com>
> A real example:
> We can make 5-tuples from any kind of certificate, including X.509v3.  
> However, one leading set of ASN.1 code for parsing X.509v3 takes, in minimum 
> memory form, over 300KB of code.  It might be good to have a specialist 
> server tie up that memory and translate such certs into 5-tuples which are 
> then transmitted to the 5-tuple caches of those who want the work saved.

Another real example:

One other set of ASN.1 code for parsing X.509v3 certs is 42K bytes of
SPARC object code, of which 20KB is the actual BER/X.509 parser/decoder,
15KB is a much-larger-than-necessary OID dictionary, and 7KB is the main
program to read the cert, decode it, and display it.  If you just want
X.509v3 to 5-tuple conversion, you should be able to do it in an order-of-
magnitude less memory than 300KB.