Hacker News new | comments | show | ask | jobs | submit login
OCaml-TLS: ASN.1 and notation embedding (openmirage.org)
87 points by avsm 1289 days ago | hide | past | web | favorite | 11 comments



If you like this, you will probably be interested in this:

Everything you Never Wanted to Know about PKI but were Forced to Find Out, by Peter Gutmann: http://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf

Also, this, by the same person: X.509 Style Guide

http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt


Second link was hanging, for me. For convenience:

http://web.archive.org/web/20131205072701/http://www.cs.auck...


The reason that ASN.1 has all those wacky representations of stings is that it was designed to allow interoperation between many different devices IBM's ebcdic and Telex being two that come to mind.

Takes me back to debugging OSI stacks for BT using a 409 and the days when I used to quote my phone number (and my telex number) on my CV as an x121 address ( form 1 variant 3 )


A lot of those devices are probably still around and being happily used in production.

I wonder for how many years in the future people will still have to fire up their HaskOCamlCoqda 10.4 ASN.1 library to deserialize EBCDIC over an ancient (gasp, wired!) serial port...


I wonder if they have put in the extra code for handling invalid code ICL famously used zero indexing on one bit of x.400 that mandated "must start from 1" (and you wonder why the UK doesn't have a mainframe maker anymore).

and don't get me started on the bodged stack from sprint which blindly ignored the spec!


I also had a lot of fun with ASN.1 a few years ago when I was writing an SMS message codec for an anti-spam/fraud system. Its actually a really flexible system and though it has its issues, it also has some really good design decisions. I always found it to be quite interesting, at least.

I do have some less than fond memories staring and BER encoded SMS messages in Wireshark, however...


"ASN.1 (Abstract Syntax Notation, version one) is a way to describe on-the-wire representation of messages."

Well, technically, no. ASN.1 is a way to define messages and multiple representations for them.

It would be possible, I believe, to describe an Internet Protocol message and there might exist an encoding that would allow you to read and write IP packets, but the first is likely not easy and the second is definitely not standard.

Here's a description of the fun I had a while back attempting to talk to an Active Directory server using AD's variant of LDAP (which is an import from the ISO OSI stack and uses ASN.1):

http://maniagnosis.crsr.net/2009/09/authenticating-against-a...


I think, where the author wrote "ASN.1", they meant to say "DER".


Exactly!


In vein of general ASN.1 trivia in other comments, how many people rememer the ASN.1 doom of 2002?

Almost everything running SNMP had remote pre-auth vulns and on multiple levels - on the ASN.1 encoding side plus on the levels above that. And most of the SNMP managed gear was things like routers and switches and printers that were a nightmare to upgrade, or even exhaustively enumerate in your network.

https://www.cert.org/historical/advisories/CA-2002-03.cfm


watching the error path cleanups in libasn1 in LibreSSL is scary indeed. It's a very complex API indeed, compared to something like the PolarSSL implementation. Undoubtedly more such bugs lurking that will affect routers, printers and other embedded gear for decades to come.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: