[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ASN.1 stuff (Re: [xad] Re: FW: SSPI client)
On Thu, Nov 08, 2001 at 09:18:07AM -0500, Nicolas Williams wrote:
> Heimdal's ASN.1 compiler caters to krb5 ASN.1, which is
> not true ASN.1 because MIT krb5 violates the ASN.1/DER specs in some
> places, like with INTEGER, where, IIRC, MIT krb5 (and therefore all
> other Kerberos V implementors) always writes four bytes for INTEGERs on
> the wire, even though the minimum needed might be one byte.
I'm off on a tangent, but... at least in Kerberos 5 messages,
the Heimdal code encodes integers correctly. It must, or digital
signatures, message digests, and so forth would not work. This is the
reason DER is specified. For example, `pvno' is always encoded as
follows: 02 01 05, while encryption type des-cbc-md5 must be encoded
as 02 01 03. There are no other acceptable ways to encode it.
Maybe I'm not understanding you correctly ... do you mind providing a
trace of what you mean?
Jacques A. Vidrine <firstname.lastname@example.org> http://www.nectar.com/
Verio/NTT SME = FreeBSD UNIX = Heimdal Kerberos
email@example.com = nectar@FreeBSD.org = firstname.lastname@example.org