Re: SSL sans RSA

New Message Reply About this list Date view Thread view Subject view Author view

Bill Frantz (frantz@netcom.com)
Sat, 20 Feb 1999 23:15:18 -0700


At 6:42 PM -0700 2/20/99, James A. Donald wrote:
> --
>At 04:17 PM 2/17/99 +0100, Martin Grap wrote:
>> Have a look at RFC 2459 (Internet X.509 Public Key
>> Infrastructure Certificate and CRL Profile). The document
>> describes object-Id's and other ASN.1 stuff for algorithms
>> different from RSA when used in X.509 cetificates.
>
>Warning: I have heard numerous complaints that ASN.1 sucks
>mightily--not that I understand the complaints or am
>competent to judge them.

It is a pain to parse unless you have a library. There are many valid
encodings for the same data (which makes signatures on that data somewhat
difficult. DER, the Distinguished Encoding Rules are supposed to have only
one encoding for any particular piece of data, but in at least one
standard, to check the signature on a floating point value, you were
supposed to convert it to the platform's internal coding and then back to
ASN.1 and then check the signature. Not many floating point values
survived this treatment intact. If you really want the story, ask Carl
Ellison.

However, like Windows, the 8088 architecture, and VHS, we are probably
stuck with ASN.1.

-------------------------------------------------------------------------
Bill Frantz | Macintosh: Didn't do every-| Periwinkle -- Consulting
(408)356-8506 | thing right, but did know | 16345 Englewood Ave.
frantz@netcom.com | the century would end. | Los Gatos, CA 95032, USA


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:28