Plugins and ASN.1

Ken Raeburn raeburn at MIT.EDU
Mon Oct 2 18:27:42 EDT 2006

On Oct 2, 2006, at 18:15, Nicolas Williams wrote:
> On Mon, Oct 02, 2006 at 06:04:51PM -0400, Sam Hartman wrote:
>> I don't know of a good way around this without opening some rather
>> messy abstractions to the plugins.
> Options include:
> 1) Let the plug-ins provide their own ASN.1 DER encoding/decoding.

The duplication of code would be unfortunate, but oh well.

>    (Won't PKINIT implementations have to anyways, for dealing with  
> BER?)
> 2) Open your ASN.1 library/converntions.

I'm not sure the current interface is one we'd want opened up as a  
supported interface going forward.  As an internal interface, subject  
to change in future releases, and available only through  
krb5int_accessor, I could go with, but Sam shot that down when we  
discussed it earlier.

> 3) Accept code into your ASN.1 library that really belongs in the
>    plug-ins.

For the current LDAP plugin work, this is probably what's going to  

> I think (1) and (2) is best for now.  Plug-in authors that choose (1)
> might copy MIT's ASN.1 DER framework (avoiding symbol collisions, of
> course).

That had crossed my mind, too....


More information about the krbdev mailing list