Nico Williams <[email protected]> writes:

>Why even have a tag?? The ASN.1 Packed Encoding Rules (think ONC XDR with 1-byte
>alignment instead of 4-byte alignment) doesn't use tags at all.

Which makes them impossible to statically check, and leads to hellishly complex decoders.

>In BER/DER/CER/XML you get a lot of redundancy: tag-length-value, sometimes
>tag-length-tag-length-value (e.g., when explicit tagging is used).

This is a feature, not a flaw, because it means you can statically type-check it. With BER/DER I can implement a filter that takes as input any encoded blob and reports true or false for the question "is this well-formed data". With CER (and XML, and PGP, and SSH, and SSL/TLS, and IPsec) I can't.

>If you want to prevent new bugs in these areas, let's start with putting the
>venerable BER/DER/CER to rest in the trash bin. Legacy will make that a
>difficult proposition.

BER and DER are actually the safest encodings of the major security protocols I work with. I'd rank them, in terms of danger, as:

SSH
[Long gap]
PGP, SSL/TLS
[Smaller gap]
BER/DER

Peter.

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
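The "is this well-formed data" filter the post describes for BER/DER, as an added example that is not code from the post or its author: it walks the tag-length-value structure of a blob, rejects indefinite and non-minimal lengths (both forbidden in DER) and requires every nested element to fit exactly inside its parent. The function names are this example's own assumptions, not a library API.

```python
# Added example (not code from the post): a DER well-formedness filter in the
# spirit of the "is this well-formed data" check above. It walks every TLV,
# rejects indefinite and non-minimal lengths (both forbidden by DER) and makes
# each nested element fit exactly in its parent. Names are this example's own.

def _read_header(buf: bytes, pos: int, end: int):
    # Parse one tag and length at buf[pos]; return (constructed, value_start, value_end).
    if pos >= end:
        raise ValueError("truncated tag")
    constructed, more = bool(buf[pos] & 0x20), (buf[pos] & 0x1F) == 0x1F
    pos += 1
    while more:  # high-tag-number form: bit 8 set means another tag byte follows
        if pos >= end:
            raise ValueError("truncated tag number")
        more, pos = bool(buf[pos] & 0x80), pos + 1
    if pos >= end:
        raise ValueError("missing length")
    first, pos = buf[pos], pos + 1
    if first == 0x80:
        raise ValueError("indefinite length is BER, not DER")
    length = first
    if first > 0x80:  # long form: low 7 bits give the number of length bytes
        nbytes = first & 0x7F
        if pos + nbytes > end:
            raise ValueError("truncated long-form length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        if buf[pos] == 0 or length < 0x80:  # DER demands the shortest length form
            raise ValueError("non-minimal length encoding")
        pos += nbytes
    if pos + length > end:
        raise ValueError("value overruns enclosing element")
    return constructed, pos, pos + length

def _check_elements(buf: bytes, start: int, end: int) -> None:
    # Every byte of buf[start:end] must belong to a well-formed TLV.
    pos = start
    while pos < end:
        constructed, vstart, vend = _read_header(buf, pos, end)
        if constructed:
            _check_elements(buf, vstart, vend)
        pos = vend

def is_well_formed_der(blob: bytes) -> bool:
    """True iff blob is exactly one DER element with consistent nesting."""
    try:
        constructed, vstart, vend = _read_header(blob, 0, len(blob))
        if constructed:
            _check_elements(blob, vstart, vend)
        return vend == len(blob)  # no trailing bytes allowed
    except ValueError:
        return False
```

The filter checks structure only (it does not know the ASN.1 schema), which is exactly the property the post credits to tag-length-value encodings: the decoder can refuse malformed input before any protocol-specific code touches it.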
