RainyDayTmrw 21 hours ago

What should people use today, given the choice, that isn't ASN.1?

Edited to add: If they need something with a canonical byte representation, for example for hashing or MAC purposes?

viraptor 18 hours ago | parent | next [-]

How much of it do you need in that representation? Usually I see that need in either: X.509 where you're already using DER, or tiny fragments where a custom tag-length-value would cover almost every usage without having to touch ASN.1.

RainyDayTmrw 14 hours ago | parent [-]

All I really need is serialization for structs. I'm trying to avoid inventing my own format, because it seems to be footgun-prone.

cryptonector 15 hours ago | parent | prev | next [-]

First of all you should never need a canonical representation. If you think you do, you're almost certainly wrong. In particular you should not design protocols so that you have to re-encode things in order to validate signatures.

So then you don't need DER or anything like it.

Second, ASN.1 is fantastic. You should at least study it a bit before you pick something else.

Third, pick something you have good tooling for. I don't care if it's ASN.1, XDR, DCE RPC / MSRPC, JSON, CBOR, etc. Just make sure you have good tooling. And don't pick XML unless you really need it to interop with things that are already using XML.

EDIT: I generally don't care about downvotes, but in this case I do. Which part of the above was objectionable? Point 1, 2, or 3? My negativity as to XML for protocols? XML for docs is alright.

RainyDayTmrw 14 hours ago | parent [-]

Interesting. What do you make of PASETO[1] and specifically PAE[2], then?

[1]: https://github.com/paseto-standard/paseto-spec/blob/master/d...

[2]: https://github.com/paseto-standard/paseto-spec/blob/master/d...
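
An added example, not part of the comment above and not code from the PASETO project: a sketch of the length-prefixed Pre-Authentication Encoding (PAE) described in the PASETO spec, showing why it gives an unambiguous byte string to MAC where plain concatenation does not. The helper names, the demo key, the sample fields and the use of HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def le64(n: int) -> bytes:
    """Unsigned 64-bit little-endian integer with the top bit cleared (PASETO's LE64)."""
    if not 0 <= n < (1 << 63):
        raise ValueError("length out of range for LE64")
    return struct.pack("<Q", n & 0x7FFFFFFFFFFFFFFF)


def pae(pieces: list) -> bytes:
    """Pre-Authentication Encoding: piece count, then each piece prefixed by its length."""
    out = le64(len(pieces))
    for piece in pieces:
        if not isinstance(piece, (bytes, bytearray)):
            raise TypeError("PAE pieces must be bytes")
        out += le64(len(piece)) + bytes(piece)
    return out


def mac_naive(key: bytes, fields: list) -> bytes:
    """Hypothetical weak design: MAC over the fields simply concatenated."""
    return hmac.new(key, b"".join(fields), hashlib.sha256).digest()


def mac_pae(key: bytes, fields: list) -> bytes:
    """MAC over the PAE encoding, so field boundaries are part of the input."""
    return hmac.new(key, pae(fields), hashlib.sha256).digest()


# Constructed sample data: two different field lists whose concatenations are identical.
DEMO_KEY = b"\x00" * 32  # constructed demo key, never use a fixed key
FIELDS_A = [b"alice", b"admin=false"]
FIELDS_B = [b"aliceadmin", b"=false"]


def boundary_check() -> dict:
    """Report whether the two field lists produce the same tag under each scheme."""
    return {
        "naive_same_tag": hmac.compare_digest(
            mac_naive(DEMO_KEY, FIELDS_A), mac_naive(DEMO_KEY, FIELDS_B)),
        "pae_same_tag": hmac.compare_digest(
            mac_pae(DEMO_KEY, FIELDS_A), mac_pae(DEMO_KEY, FIELDS_B)),
    }


if __name__ == "__main__":
    print(boundary_check())
```

The encoding is only ever produced on the way into the MAC; a verifier recomputes it from the fields it received rather than parsing it back.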

cryptonector 2 hours ago | parent [-]

I'll have to read the docs. I'll comment here in a few days.

wglb 19 hours ago | parent | prev [-]

Here are some issues: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asn.1