upvote

points

by Muromec13 hours ago |
comments
upvoteby thayne10 hours ago|
next
[-]
The problem with ASN.1 is that it is big and complicated, and you only need a fraction of it for cryptography, and it isn't really used for anything outside of pki anymore.

It wouldn't be as bad if asn.1 had cought on more as a general purpose serialization format and there were ubiquitous decent libraries for dealing with it. But that didn't happen. Probably partly because there are so many different representations of asn.1.

A bespoke serialization specifically for certificates might actually have aged better, if it was well designed.

reply
upvoteby jll295 hours ago|
parent|
next
[-]
Assuming there are some libraries for it, would this make a pretty good case for LLM-generated ports of these existing libraries into other languages or onto other OSs/platforms? One implementation could be treated as "the spect".
reply
upvoteby pocksuppet10 hours ago|
parent|
prev|
[-]
ASN.1 is protobufs designed by committee. It is a general-purpose serialization format, but there's no good reason to choose it instead of protobufs.
reply
upvoteby tptacek12 hours ago|
prev|
next
[-]
The trick to ASN.1 is to serialize/unserialize it backwards.
reply
upvoteby dwattttt11 hours ago|
parent|
[-]
#1 NSA, I get it now!
reply
upvoteby mschuster9112 hours ago|
prev|
[-]
> Both of those have steep learning curve, but it's hardly because it's a mess or it's old.

Bitpacking structures used to be important in the 60s. That time has passed, unless you're dealing with LoRa, NFC or other cases of highly constrained bandwidth there are way better options to serialize and deserialize information. It's time to move on, and the complexity of all the legacy garbage in crypto has been the case of many a security vulnerability in the past.

As for the code, it might be personal preference but I'd love to have at least some comments referring back to a specification or original research paper in the code.

reply
upvoteby Muromec12 hours ago|
parent|
next
[-]
I think you misunderstand the problem asn.1 solves and constrains it works within (both 30 years ago and now). We sure can have a better one now once we learned all the lessons and know what good parts to keep, but this critique of bitpacking is misplaced.
reply
upvoteby Avamander12 hours ago|
parent|
prev|
[-]
ASN.1 is not used because of just bitpacking. There are other benefits to ASN.1 and it's probably one of the least problematic parts there.

People who have thought they can do better have made things like PGP. It's one of the worst cryptographic solutions out there. You're free to try as well though.

reply
upvoteby Muromec12 hours ago|
parent|
[-]
People who though they can do better did JWT, that is not complicated at all and has no bugs as well. Also solves 20% of what asn.1 is used for.
reply
upvoteby thayne10 hours ago|
parent|
[-]
Maybe a bit pedantic, but it would actually be the more general JOSE which includes tokens (JWT), signatures (JWS), and key transmission (JWK).

And there is a related binary format that uses CBOR (COSE) as well.

reply