On 29/09/13 16:13 PM, Jerry Leichter wrote:
On Sep 26, 2013, at 7:54 PM, Phillip Hallam-Baker wrote:
...[W]ho on earth thought DER encoding was necessary or anything other than 
incredible stupidity?...
It's standard.  :-)

We've been through two rounds of standard data interchange representations:

1.  Network connections are slow, memory is limited and expensive, we can't 
afford any extra overhead.  Hence DER.
2.  Network connections are fast, memory is cheap, we don't have to worry about 
them - toss in every last feature anyone could possibly want.  Hence XML.

Starting from opposite extremes, committees of standards experts managed to 
produce results that are too complex and too difficult for anyone to get right 
- and which in cryptographic contexts manage to share the same problem of 
multiple representations that make signing such a joy.

BTW, the *idea* behind DER isn't inherently bad - but the way it ended up is 
another story.  For a comparison, look at the encodings Knuth came up with in 
the TeX world.  Both dvi and pk files are extremely compact binary 
representations - but correct encoders and decoders for them are plentiful.  
(And it's not as if the Internet world hasn't come up with complex, difficult 
encodings when the need arose - see IDNA.)

Experience suggests that asking a standards committee to do the encoding format is a disaster.

I just looked at my code, which does something we call Wire, and it's 700 loc. Testing code is about a kloc I suppose. Writing reference implementations is a piece of cake.

Why can't we just designate some big player to do it, and follow suit? Why argue in committee?

The cryptography mailing list

Reply via email to