Thu Oct 26 19:07:28 CEST 2000
At 13:59 25/10/00, Kenneth Lundin wrote:
>"Victor M. Gulias" wrote:
>> Also, the ASN.1 compiler uses per and ber to code the types. What
>> about *der* encoding?
>DER is the same as BER but with some restrictions. The
>Erlang/ASN.1 compiler does not follow the DER rules 100% but
>I don't think it matters in practical use.
>DER puts restrictions on:
>Length forms (always use definite length), ok
>String encoding, ok
>Set components, no not always
>Boolean TRUE with all eight bits set, yes
>Unused bits in BIT STRING, yes
>Real values, no we hardly support them at all
>GeneralString values, no
>Set and Sequence components with default value, no not always
>For all practical uses that I have seen so far the "no's" in the list
>are not important. But if someone can show practical examples where
>it is important please show me and I will implement 100% DER.
Coming from the PKI world, I'll point out that the X.500/X.509 does require a bit more in the way of DER encoding. I was thinking about maybe hacking it in myself, but I'm a relative newcomer to Erlang, and haven't yet had a chance to really get into the gory details of the language or the ASN.1 support.
To be more specific about what would be useful for X.509 PKI support, and note a few other things about DER:
Length encoding -- the restrictions are a bit stronger than what you stated. IIRC, it boils down to having to use the shortest possible encoding of the length (which may be what you are already doing; I haven't checked).
UTCTime and GeneralizedTime -- used frequently, and often done wrong (a common source of bugs).
SET OF -- used in a couple of places, but the main one of concern is that X.500 names are basically a SEQUENCE OF SET OF AttributeValueAssertion. Usually, the set has only a single element, so there is no problem, but it is not unknown for it to have more.
enumerated BIT STRING -- this is distinct from a definite length BIT STRING in that _all_ trailing zero bits should be stripped, whether they are defined or not. This is widely used.
defaulted component values -- this is used, but can be worked around by defining them as optional instead, and then removing/filling-in the default outside of the en/de-coder.
If I get the time to play with this, I'll be sure to check with you first, so we don't duplicate each other's work. But I probably won't have the time this month anyway. )-:
>> Victor M. Gulias
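The DER rules discussed in this message (shortest length form, BOOLEAN TRUE as 0xFF, trailing-zero stripping for named-bit BIT STRINGs, SET OF ordering), sketched as an added Python example that is not part of the original post and not code from the Erlang ASN.1 compiler. All function names are hypothetical and the KeyUsage sample is constructed.

```python
# Added illustration; all function names are hypothetical.
def der_length(n: int) -> bytes:
    """Definite length in the fewest octets (short form below 128)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def length_is_minimal(length_octets: bytes) -> bool:
    """Decoder-side check: reject BER length forms that DER forbids."""
    first = length_octets[0]
    if first < 0x80:
        return len(length_octets) == 1
    count = first & 0x7F
    if count == 0 or len(length_octets) != 1 + count:
        return False  # indefinite form, or wrong number of octets
    # No leading zero octet, and long form only when short form cannot hold it.
    return length_octets[1] != 0 and int.from_bytes(length_octets[1:], "big") >= 0x80


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_length(len(content)) + content


def der_boolean(value: bool) -> bytes:
    return tlv(0x01, b"\xff" if value else b"\x00")  # TRUE is exactly 0xFF


def der_named_bits(bits) -> bytes:
    """BIT STRING with named bits: drop every trailing zero bit first."""
    bits = [1 if b else 0 for b in bits]
    while bits and bits[-1] == 0:
        bits.pop()
    unused = -len(bits) % 8
    padded = bits + [0] * unused
    octets = bytes(
        sum(bit << (7 - i) for i, bit in enumerate(padded[k:k + 8]))
        for k in range(0, len(padded), 8)
    )
    return tlv(0x03, bytes([unused]) + octets)


def der_set_of(encoded_elements) -> bytes:
    """SET OF: order the already-encoded elements as octet strings.
    Plain bytes comparison suffices because no complete TLV is a
    proper prefix of another."""
    return tlv(0x31, b"".join(sorted(encoded_elements)))


# Constructed sample: X.509 KeyUsage with digitalSignature(0), keyCertSign(5), cRLSign(6)
KEY_USAGE = der_named_bits([1, 0, 0, 0, 0, 1, 1, 0, 0])
```

A signature computed over one encoding will not verify against a re-encoding that differs in any of these details, which is why X.509 needs them applied consistently.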