Ben Laurie <[EMAIL PROTECTED]> writes:
>Anne & Lynn Wheeler wrote:
>> Peter Gutmann wrote:
>>> That cuts both ways though.  Since so many systems *do* screw with data (in
>>> insignificant ways, e.g. stripping trailing blanks), anyone who does massage
>>> data in such a way that any trivial change will be detected is going to be
>>> inundated with false positives.  Just ask any OpenPGP implementor about
>>> handling text canonicalisation.
>> this was one of the big issues in the asn.1 encoding vis-a-vis xml
>> encoding wars.
>> asn.1 encoding provided deterministic encoding for signed material,
>You mean it _would_ have done if anyone could implement it correctly. Sadly,
>experience shows that no-one can.

Right, but that's led to a de-facto encoding rule of "The originator encodes
it however they like, and everyone else re-encodes it (if required) using
memcpy()".  The advantage of the format is that it's never tried to be
anything other than a pure binary-only format, so moving it over text-only
channels is handled at the next layer down (usually base64), rather than
trying to make the encoding itself text-only-capable and then finding yourself
in a world of pain when half the systems the stuff passes through mangle the


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
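
An added illustration of the point made in the message above (not code from the thread or from any poster): a signed blob survives a text-only hop when it is base64-armoured at the layer below and the receiver verifies the originator's exact bytes, while signed text and a re-encoded blob both fail. HMAC stands in for a real signature; `text_channel`, `reencode_length`, the key and all sample data are constructed for this example.

```python
import base64
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a signature


def sign(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()


def verify(data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(data), tag)


def text_channel(msg: bytes) -> bytes:
    """Hypothetical text-only hop: strips trailing blanks, rewrites line ends as CRLF."""
    lines = msg.decode("ascii").splitlines()
    return "\r\n".join(l.rstrip(" \t") for l in lines).encode("ascii") + b"\r\n"


def reencode_length(tlv: bytes) -> bytes:
    """Hypothetical 'helpful' receiver: rewrites a BER long-form length
    (0x81 nn, nn < 128) of a single TLV into the DER short form."""
    if len(tlv) >= 3 and tlv[1] == 0x81 and tlv[2] < 0x80:
        return tlv[:1] + tlv[2:]
    return tlv


def demo() -> dict:
    # Case 1: the signed object is itself text, so the hop changes signed bytes.
    text = b"Pay Alice 10 \nThanks  \n"  # constructed, has trailing blanks
    text_ok = verify(text_channel(text), sign(text))

    # Case 2: binary blob (OCTET STRING, non-DER long-form length), signed as-is
    # by the originator and base64-armoured only for transport.
    blob = bytes([0x04, 0x81, 0x05]) + b"hi \n "  # constructed
    tag = sign(blob)
    armoured = text_channel(base64.encodebytes(blob))
    received = base64.b64decode(armoured)  # CR/LF are ignored by the decoder

    return {
        "text_survives": text_ok,
        "armoured_survives": verify(received, tag),  # verify the bytes as received
        "reencoded_survives": verify(reencode_length(received), tag),
    }


if __name__ == "__main__":
    print(demo())
```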
