Alex Alten (Alten@home.com)
Tue, 23 Feb 1999 20:19:43 -0800
At 05:02 PM 2/23/99 +0100, you wrote:
>pgut001@cs.auckland.ac.nz (Peter Gutmann) writes:
>> ASN.1, if used properly, is an extremely elegant and powerful
>> notation for describing data formats.
>
>I'm not so sure about this... I once tried to write a grammer for
>ASN.1, for a LR parser generator. I.e., parsing the type descriptions,
>not just the encoded data objects. I failed. I'm not even convinced
>that ASN.1 is unambigous. I have heard that things like SNMP that uses
>ASN.1 heavily uses a well defined subset of ASN.1, which should be
>easier to parse.
Back in the Win 3.0 days I implemented an SNMP stack from scratch.
It took me much longer than I expected, mainly because of ASN.1 (and
also because 3.0 is non-preemptive). Assembling SNMP packets was
difficult because you couldn't calculate header data before you knew
the final encoding of the payload data. I had to use close to a dozen
temporary buffers to hold partially assembled packet fragments, this will
slow a protocol down quite a bit. On a 386/40 I was happy to get around
20 packets a second (for comparison Netware did about 800 NCP packets
per second on the same hardware). Later I tried to design a secure SNMP
protocol using RSA for authentication and a block cipher for session
privacy. What a mess! RSA expands stuff to it's modulus size. So
imagine ASN.1 encoding your hash + session key +..., then running it
through RSA. Then encoding the result in ASN.1 again. It heavily
bloated the packet header by an unpredictable amount. After those
experiences I vowed never to use ASN.1 again if at all possible. (I
also didn't care much for RSA after the last experience). Except for
SNMP v1, I don't think any other protocol using ASN.1 has been successful,
especially security ones. For example look at Kerberos v5 or SET or the
first couple of secure SNMP attempts.
- Alex
--Alex Alten
Alten@Home.Com Alten@TriStrata.Com
P.O. Box 11406 Pleasanton, CA 94588 USA (925) 417-0159
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:28