Anne & Lynn Wheeler wrote:
Peter Gutmann wrote:

That cuts both ways though. Since so many systems *do* screw with data (in insignificant ways, e.g. stripping trailing blanks), anyone who does massage data in such a way that any trivial change will be detected is going to be
inundated with false positives.  Just ask any OpenPGP implementor about
handling text canonicalisation.


this was one of the big issues in the asn.1 encoding vis-a-vis xml encoding wars.

asn.1 encoding provided deterministic encoding for signed material,

You mean it _would_ have done if anyone could implement it correctly. Sadly, experience shows that no-one can.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to