Jim Craigie TEL +44-1635-202124 wrote:
> Some comments on the Cryptographic Message Syntax spec:
> 1. ASN.1 Canonical Encoding Rules should be allowed

Yes, but DER rules. CER would seem the more logical choice, and
I looked at this issue some time back earlier this year, but I
could find not one single ASN.1 specification that had adopted
CER. And I know of no free or commercial products that support
CER at this time. CER is a relatively recent event, and did not
exist when the PKCS standards were created. (At that time, DER
was an invention of the X.50* folks, and was considered of such
general utility, that it was later moved into X.690.)

I've toyed with Packed Encoding Rules (PER - X.691) for a while,
since Certs are tag heavy, and PER offers typical 20-40% savings
in encoded size, but using PER takes some planning in how your
ASN.1 is defined, especially if you need to compute hashes. Unless
you use the open type notation properly, an object ToBeSigned is
not guaranteed to either start or end on a byte boundary.

Some new standards, like the multimedia work in H.245, H.235, H.323,
etc. use PER effectively to reduce their message sizes, but are
just now adding security enhancements. It would take a lot of
bandwidth to convert a standard as far along as S/MIME to use some
other encoding rules. I believe a change from DER would greatly
distract from the more important aspects of the work.
[snip]
Phil
--
Phillip H. Griffin
ASN.1-SET-Java-Security Griffin Consulting
asn1(_at_)mindspring(_dot_)com 1625 Glenwood Avenue
919.828.7114 Raleigh, North Carolina 27608 USA
------------------------------------------------------------
Visit http://www.fivepointsfestival.com
------------------------------------------------------------
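
The byte-boundary point in the message above, as an added example that is not part of the original message: a minimal unaligned-PER (X.691) bit writer over a hypothetical schema, showing that an inline to-be-signed field starts and ends mid-octet, while an open-type wrapper carries it as whole padded octets that can be hashed directly. The types `Outer` and `Tbs`, their field names, and the sample values are assumptions made for illustration.

```python
# Added illustration, not code from the mailing-list message.
# Hypothetical schema (constructed for this example):
#   Outer ::= SEQUENCE { version INTEGER (0..7), tbs Tbs, sigAlg INTEGER (0..3) }
#   Tbs   ::= SEQUENCE { serial INTEGER (0..1023), isCA BOOLEAN }

def constrained_int(value, lo, hi):
    """Unaligned PER constrained whole number: (value - lo) in the minimum bit width."""
    if not lo <= value <= hi:
        raise ValueError("value outside constraint")
    width = (hi - lo).bit_length()
    return format(value - lo, "0{}b".format(width)) if width else ""

def encode_tbs(serial, is_ca):
    # No OPTIONAL components and no extension marker: the SEQUENCE adds no preamble.
    return constrained_int(serial, 0, 1023) + ("1" if is_ca else "0")

def to_octets(bits):
    """Complete encoding: pad with zero bits up to a whole number of octets."""
    bits += "0" * (-len(bits) % 8)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))

def encode_inline(version, serial, is_ca, sig_alg):
    """Tbs embedded directly. Returns (bit string, first tbs bit, bit after tbs)."""
    head = constrained_int(version, 0, 7)
    tbs = encode_tbs(serial, is_ca)
    return head + tbs + constrained_int(sig_alg, 0, 3), len(head), len(head) + len(tbs)

def encode_open_type(version, serial, is_ca, sig_alg):
    """Tbs carried as an open type: length determinant, then whole octets.
    Returns (bit string, inner octets); the inner octets are what gets hashed."""
    inner = to_octets(encode_tbs(serial, is_ca))
    if len(inner) >= 128:
        raise ValueError("only the single-octet length determinant is handled here")
    wrapped = format(len(inner), "08b") + "".join(format(b, "08b") for b in inner)
    bits = constrained_int(version, 0, 7) + wrapped + constrained_int(sig_alg, 0, 3)
    return bits, inner

if __name__ == "__main__":
    bits, start, end = encode_inline(2, 513, True, 1)   # constructed sample values
    print("inline   :", bits, "tbs occupies bits", start, "to", end - 1)
    bits, inner = encode_open_type(2, 513, True, 1)
    print("open type:", bits, "hash input =", inner.hex())
```

In the inline form the signer and verifier would have to agree on how to turn an 11-bit field at bit offset 3 into hash input; the open-type form removes that ambiguity at the cost of a length octet and padding bits.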