On Fri, 01 Jun 2007 20:59:55 +1000
"James A. Donald" <[EMAIL PROTECTED]> wrote:

> Many protocols use some form of self describing data format, for
> example ASN.1, XML, S expressions, and bencoding.
> Why?
> Presumably both ends of the conversation have negotiated what
> protocol version they are using (and if they have not, you have big
> problems) and when they receive data, they need to get the data they
> expect.  If they are looking for list of integer pairs, and they get
> a integer string pairs, then having them correctly identified as
> strings is not going to help much.
The most important reason is application flexibility -- very often,
complex data structures are being passed around, and having some
format like those makes life easier.

There is some security benefit, though -- see Section 7 of Abadi
and Needham's "Prudent Engineering Practice for Cryptographic
Protocols" (1995).  (Yes, they're calling for a lot less than
full-blown ASN.1.)

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to