

OCaml-TLS: ASN.1 and notation embedding - avsm
http://openmirage.org/blog/introducing-asn1

======
teddyh
If you like this, you will probably be interested in this:

 _Everything you Never Wanted to Know about PKI but were Forced to Find Out_ ,
by Peter Gutmann:
[http://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf](http://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf)

Also, this, by the same person: _X.509 Style Guide_

[http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt](http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt)

~~~
pasbesoin
Second link was hanging, for me. For convenience:

[http://web.archive.org/web/20131205072701/http://www.cs.auck...](http://web.archive.org/web/20131205072701/http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt)

------
walshemj
The reason that ASN.1 has all those wacky representations of strings is that it
was designed to allow interoperation between many different devices, IBM's
EBCDIC and Telex being two that come to mind.

Takes me back to debugging OSI stacks for BT using a 409, and the days when I
used to quote my phone number (and my telex number) on my CV as an X.121
address (form 1 variant 3).

~~~
avsm
A lot of those devices are probably still around and being happily used in
production.

I wonder for how many years in the future people will still have to fire up
their HaskOCamlCoqda 10.4 ASN.1 library to deserialize EBCDIC over an ancient
(gasp, wired!) serial port...

~~~
walshemj
I wonder if they have put in the extra code for handling invalid code; ICL
famously used zero indexing on one bit of X.400 that mandated "must start from
1" (and you wonder why the UK doesn't have a mainframe maker anymore).

And don't get me started on the bodged stack from Sprint which blindly ignored
the spec!

------
dkersten
I also had a lot of fun with ASN.1 a few years ago when I was writing an SMS
message codec for an anti-spam/fraud system. It's actually a really flexible
system and though it has its issues, it also has some really good design
decisions. I always found it to be quite interesting, at least.

I do have some less than fond memories of staring at BER-encoded SMS messages in
Wireshark, however...

------
mcguire
" _ASN.1 (Abstract Syntax Notation, version one) is a way to describe on-the-
wire representation of messages._ "

Well, technically, no. ASN.1 is a way to _define_ messages and multiple
representations for them.

It would be possible, I believe, to describe an Internet Protocol message and
there might exist an encoding that would allow you to read and write IP
packets, but the first is likely not easy and the second is definitely not
standard.

Here's a description of the fun I had a while back attempting to talk to an
Active Directory server using AD's variant of LDAP (which is an import from
the ISO OSI stack and uses ASN.1):

[http://maniagnosis.crsr.net/2009/09/authenticating-against-a...](http://maniagnosis.crsr.net/2009/09/authenticating-against-active-directory.html)

~~~
tptacek
I think, where the author wrote "ASN.1", they meant to say "DER".

~~~
mcguire
_Exactly!_

------
zurn
In the vein of general ASN.1 trivia in other comments, how many people remember
the ASN.1 doom of 2002?

Almost everything running SNMP had remote pre-auth vulns and on multiple
levels - on the ASN.1 encoding side plus on the levels above that. And most of
the SNMP managed gear was things like routers and switches and printers that
were a nightmare to upgrade, or even exhaustively enumerate in your network.

[https://www.cert.org/historical/advisories/CA-2002-03.cfm](https://www.cert.org/historical/advisories/CA-2002-03.cfm)

~~~
avsm
Watching the error path cleanups in libasn1 in LibreSSL is scary indeed. It's
a very complex API indeed, compared to something like the PolarSSL
implementation. Undoubtedly more such bugs lurking that will affect routers,
printers and other embedded gear for decades to come.
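As an added illustration of two points raised in this thread (that ASN.1 defines messages while DER and BER are distinct encodings of them, and that the length handling in the SNMP-era parsers is where the trouble lived), here is a small strict DER reader written for this page; it is not code from the OCaml-TLS post or from any library the thread mentions. It covers only INTEGER, OCTET STRING and SEQUENCE, and the sample byte strings are constructed.

```python
def _read_length(buf, pos):
    """Decode a DER length at buf[pos]; return (length, new_pos).
    DER forbids the indefinite form (0x80) and any long form that is not minimal;
    BER permits both, so a DER reader must reject them explicitly."""
    if pos >= len(buf):
        raise ValueError("truncated: no length byte")
    first, pos = buf[pos], pos + 1
    if first < 0x80:
        return first, pos
    if first == 0x80:
        raise ValueError("indefinite length is BER, not DER")
    n = first & 0x7F
    raw = buf[pos:pos + n]
    if len(raw) != n:
        raise ValueError("truncated: length bytes missing")
    length = int.from_bytes(raw, "big")
    if raw[0] == 0 or length < 0x80:
        raise ValueError("non-minimal length encoding is BER, not DER")
    return length, pos + n

def der_decode(buf, pos=0):
    """Decode one TLV at buf[pos]; return (value, new_pos). SEQUENCE -> list."""
    if pos >= len(buf):
        raise ValueError("truncated: no tag byte")
    tag = buf[pos]
    length, pos = _read_length(buf, pos + 1)
    if pos + length > len(buf):  # the classic over-read: declared length exceeds input
        raise ValueError("truncated: value shorter than declared length")
    body, end = buf[pos:pos + length], pos + length
    if tag == 0x02:  # INTEGER: two's complement in the minimal number of bytes
        if not body or (len(body) > 1 and (body[0], body[1] >> 7) in ((0x00, 0), (0xFF, 1))):
            raise ValueError("non-minimal INTEGER")
        return int.from_bytes(body, "big", signed=True), end
    if tag == 0x04:  # OCTET STRING
        return body, end
    if tag == 0x30:  # SEQUENCE: children must exactly fill the body
        items, p = [], 0
        while p < len(body):
            item, p = der_decode(body, p)
            items.append(item)
        return items, end
    raise ValueError("unsupported tag 0x%02x" % tag)

def strict_der(buf):
    """Decode a whole message and reject trailing bytes."""
    value, end = der_decode(buf, 0)
    if end != len(buf):
        raise ValueError("trailing bytes after DER value")
    return value

# Constructed samples: the abstract value SEQUENCE { INTEGER 5, OCTET STRING "a" }
DER_SEQ = bytes.fromhex("3006020105040161")
BER_LONG_LEN = bytes.fromhex("02810105")  # INTEGER 5 with long-form length: valid BER, not DER
TRUNCATED = bytes.fromhex("300a020105")   # SEQUENCE claims 10 bytes but only 3 follow
```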

