On 2013-09-27 09:54, Phillip Hallam-Baker wrote:
Quite, who on earth thought DER encoding was necessary or anything
other than incredible stupidity?
I have yet to see an example of code in the wild that takes a binary
data structure, strips it apart and then attempts to reassemble it to
pass to another program to perform a signature check. Yet every time
we go through a signature format development exercise the folk who
demand canonicalization always seem to win.
DER is particularly evil as it requires either the data structures to
be assembled in the reverse order or a very complex tracking of the
sizes of the data objects or horribly inefficient code. But XML
signature just ended up broken.
We have a compiler that generates C code from ASN.1 code. Does it not
generate code behind the scenes that does all this ugly stuff for us
without us having to look at the code?
I have not actually used the compiler, and I have discovered that hand
generating code to handle ASN.1 data structures is a very bad idea, but
I am told that if I use the compiler, all will be rainbows and unicorns.
You go first.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography