Re: algorithm IDs
Werner Koch <wk@xxxxxxxxx> writes:
>On Fri, 20 Jun 2008 12:48, rabbi@xxxxxxxxxxx said:
>> Actually, my concern has to do with the fact that OIDs are of arbitrary
>> length. X.509 got it wrong; we might too.
>How can you get this wrong? You compare the length byte and the data.
>That is trivial. Some folks might be tempted to use a BER parser but that is
>overkill and a bad practice.
You don't even check the length byte, you just have a table of encoded OIDs
and walk down them doing a memcmp() of the full encoded form. Also, while
they *can* be of arbitrary length, unless you design a pathologically stupid
one it's going to be in the region 5-15 bytes.
(You can also optimise the check by comparing an integer checksum of the OID
with a stored integer checksum as a quick-reject check, so an OID match
search is just a walk down a list of ints followed by a single memcmp()).
Peter.
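
The table walk with a checksum quick-reject described in this message, as an added example that is not part of the original post or of any project's code. The table contents, the checksum function and all names are assumptions made for illustration; the bounds check on the length byte is added so that the checksum and memcmp() never read past the input or past a table entry.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Full DER encodings: tag 0x06, one length byte, then the content bytes. */
static const uint8_t OID_SHA1[]   = { 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A };
static const uint8_t OID_SHA256[] = { 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 };
static const uint8_t OID_RSA[]    = { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 };

typedef struct { const char *name; const uint8_t *enc; size_t len; uint32_t sum; } oid_entry;
static oid_entry oid_table[] = {            /* hypothetical table for this example */
    { "sha1",          OID_SHA1,   sizeof OID_SHA1,   0 },
    { "sha256",        OID_SHA256, sizeof OID_SHA256, 0 },
    { "rsaEncryption", OID_RSA,    sizeof OID_RSA,    0 },
};
#define OID_COUNT (sizeof oid_table / sizeof oid_table[0])

/* Assumed checksum: any cheap integer hash over the encoded bytes will do. */
static uint32_t oid_checksum(const uint8_t *p, size_t n) {
    uint32_t s = 0;
    while (n--) s = s * 31u + *p++;
    return s;
}

/* Returns the table index, or -1 for unknown, truncated or long-form input. */
int oid_lookup(const uint8_t *in, size_t avail) {
    static int ready;                       /* lazy init; not thread-safe */
    size_t i, enc_len;
    uint32_t sum;
    if (!ready) {
        for (i = 0; i < OID_COUNT; i++)
            oid_table[i].sum = oid_checksum(oid_table[i].enc, oid_table[i].len);
        ready = 1;
    }
    /* Reject anything that is not a short-form OID fully inside the buffer. */
    if (avail < 2 || in[0] != 0x06 || in[1] >= 0x80) return -1;
    enc_len = (size_t)in[1] + 2;
    if (enc_len > avail) return -1;
    sum = oid_checksum(in, enc_len);
    for (i = 0; i < OID_COUNT; i++)         /* walk the ints, memcmp on a hit */
        if (oid_table[i].sum == sum && oid_table[i].len == enc_len &&
            memcmp(in, oid_table[i].enc, enc_len) == 0)
            return (int)i;
    return -1;
}

int main(void) {
    /* Constructed input: the sha256 OID followed by a NULL parameter (05 00). */
    const uint8_t in[] = { 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00 };
    printf("%d\n", oid_lookup(in, sizeof in));
    return 0;
}
```

Because the encoded form carries its own tag and length byte, a matching memcmp() is an exact OID match, and trailing data after the OID does not affect the result.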