At 03:34 PM 12/14/2005, [EMAIL PROTECTED] wrote:
An application programmer who is using PKCS1 doesn't even need to know the small amount of ASN.1 in the spec... libraries that implement RSA PKCS1 take care of the ASN.1 for the programmer.
This is in fact one reason that ASN.1 exploits have been so wide-ranging when they've happened. ASN.1 is a horrendously ugly mess, even uglier than PGP, so almost everybody uses an existing library instead of rolling their own or writing a new library for other users. Major bugs aren't discovered often, but everybody's pretty much using the same C code, whether for SNMP or X.509 or whatever. I don't know how many of the Java et al. versions have rewritten it natively as opposed to importing C libraries, which is probably more convenient.