RE: SSL sans RSA

William Whyte (wwhyte@baltimore.ie)
Wed, 24 Feb 1999 09:47:23 -0000

• Next message: Thomas Roessler: "cost for cracking 512 bit RSA?"
• Previous message: Enzo Michelangeli: "Re: SSL sans RSA"
• Maybe in reply to: Niels Möller: "SSL sans RSA"
• Next in thread: William H. Geiger III: "RE: SSL sans RSA"
• Reply: William H. Geiger III: "RE: SSL sans RSA"

> What a mess! RSA expands stuff to it's modulus size. So
> imagine ASN.1 encoding your hash + session key +..., then running it
> through RSA. Then encoding the result in ASN.1 again. It heavily
> bloated the packet header by an unpredictable amount. After those
> experiences I vowed never to use ASN.1 again if at all possible. (I
> also didn't care much for RSA after the last experience).

It's a nit-picking point, but the problem isn't ASN.1, it's BER/DER.
There are other encoding rules that don't bloat the data anything
like so much.

> Except for
> SNMP v1, I don't think any other protocol using ASN.1 has been successful,
> especially security ones. For example look at Kerberos v5 or SET or the
> first couple of secure SNMP attempts.

Well, S/MIME.

William

• Next message: Thomas Roessler: "cost for cracking 512 bit RSA?"
• Previous message: Enzo Michelangeli: "Re: SSL sans RSA"
• Maybe in reply to: Niels Möller: "SSL sans RSA"
• Next in thread: William H. Geiger III: "RE: SSL sans RSA"
• Reply: William H. Geiger III: "RE: SSL sans RSA"