The trick in doing XML dsig is to output XML directly in a canonical format, then you can have a pretty fast implementation.
It's still slower than uber-optimized ASN.1 parsers, but personally, I don't care even if it's 10x slower.
TLS renegotiation vulnerability
Posted Nov 23, 2009 0:17 UTC (Mon) by foom (subscriber, #14868)
That's a bit silly. Have you ever looked at ASN.1? It's really quite trivial. So much easier than XML,
it's hard to imagine why anyone would want to use an XML parser instead in security sensitive
Certificates actually use DER, which is a slightly restricted subset of BER:
Posted Nov 23, 2009 8:26 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
To be fair, XML canonicalization rules are designed for arbitrary XML. It's possible to simplify them by using a subset of XML. For example, by restricting entities, CDATA and namespace use.
In any case, less complex formats like JSON can be used instead of XML.
Posted Nov 23, 2009 13:50 UTC (Mon) by quotemstr (subscriber, #45331)
Wherever ASN.1 goes, destruction and pain follow. Examples: LDAP, SNMP, SSL/TLS, Kerberos.
Posted Nov 23, 2009 15:49 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
I can easily do this for HTTP/FTP/SMTP even IMAP. I don't even want to contemplate this for SSL/TLS.
That's the problem, it's impossible to create a simple client for SSL.