replacing MIT's ASN.1 code

Nicolas Williams Nicolas.Williams at
Mon Oct 15 18:24:55 EDT 2007

> > -----Original Message-----
> > From: krbdev-bounces at [mailto:krbdev-bounces at] 
> > On Behalf Of Ken Raeburn
> > Sent: Monday, October 15, 2007 17:11
> > To: Kerberos developers list
> > Subject: replacing MIT's ASN.1 code

I never got this e-mail.

> > Some people may have heard, there's a new free ASN.1 compiler 
> > in development by Paul Hoffman and Jim Schaad 
> > ( a2c/ is the project page, and has

> > [...]
> > So it's not a trivial task, but I think for long-term 

No, but it's doable; I see no showstoppers.  I think it will be a
question of priorities.  Ideally one could build MIT krb5 with the old
ASN.1 code or with a2c (except for future additions, which should use
a2c exclusively) -- that would make interop and quality testing easier.

> > maintainability of the MIT code, it's probably worth 
> > exploring.  Please take a look, and let me know what you 
> > think.  Useful?  Waste of time?  Want to do the work? :)  (I 
> > do have a bunch of other stuff on my plate, scheduled for the 
> > 1.7 release when this wasn't even on the radar, so I'm not 
> > going to be able to do this any time soon unless it suddenly 
> > jumps up onto the priority queue.)

If there's any way to use it for all new ASN.1 work (e.g., PKINIT[*],
PKCROSS, ...), then that would be one way to start.

*  It's too late for PKINIT, but if you at least make sure that the
   PKINIT API/ABI does not expose ASN.1 code internals then you'll have
   an easier time making the switch for PKINIT later.


More information about the krbdev mailing list