[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ASN.1 stuff (Re: [xad] Re: FW: SSPI client)

On Thu, Nov 08, 2001 at 09:18:07AM -0500, Nicolas Williams wrote:
> Heimdal's ASN.1 compiler caters to krb5 ASN.1, which is 
> not true ASN.1 because MIT krb5 violates the ASN.1/DER specs in some 
> places, like with INTEGER, where, IIRC, MIT krb5 (and therefore all 
> other Kerberos V implementors) always writes four bytes for INTEGERs on 
> the wire, even though the minimum needed might be one byte. 

I'm  off  on a  tangent,  but...  at  least  in Kerberos  5  messages,
the  Heimdal code  encodes integers  correctly.  It  must, or  digital
signatures, message digests, and so forth would not work.  This is the
reason DER  is specified.   For example, `pvno'  is always  encoded as
follows: 02 01 05,  while encryption type des-cbc-md5  must be encoded
as 02 01 03.  There are no other acceptable ways to encode it.

Maybe I'm not understanding you correctly  ... do you mind providing a
trace of what you mean?

Jacques A. Vidrine <n@nectar.com>                   http://www.nectar.com/
Verio/NTT SME           =      FreeBSD UNIX      =        Heimdal Kerberos
jvidrine@verio.net      =   nectar@FreeBSD.org   =       nectar@pdc.kth.se