replacing MIT's ASN.1 code
Nicolas.Williams at sun.com
Mon Oct 15 18:24:55 EDT 2007
> > -----Original Message-----
> > From: krbdev-bounces at mit.edu [mailto:krbdev-bounces at mit.edu]
> > On Behalf Of Ken Raeburn
> > Sent: Monday, October 15, 2007 17:11
> > To: Kerberos developers list
> > Subject: replacing MIT's ASN.1 code
I never got this e-mail.
> > Some people may have heard, there's a new free ASN.1 compiler
> > in development by Paul Hoffman and Jim Schaad
> > (http://code.google.com/p/ a2c/ is the project page, and has
> > [...]
> > So it's not a trivial task, but I think for long-term
No, but it's doable; I see no showstoppers. I think it will be a
question of priorities. Ideally one could build MIT krb5 with the old
ASN.1 code or with a2c (except for future additions, which should use
a2c exclusively) -- that would make interop and quality testing easier.
> > maintainability of the MIT code, it's probably worth
> > exploring. Please take a look, and let me know what you
> > think. Useful? Waste of time? Want to do the work? :) (I
> > do have a bunch of other stuff on my plate, scheduled for the
> > 1.7 release when this wasn't even on the radar, so I'm not
> > going to be able to do this any time soon unless it suddenly
> > jumps up onto the priority queue.)
If there's any way to use it for all new ASN.1 work (e.g., PKINIT[*],
PKCROSS, ...), then that would be one way to start.
* It's too late for PKINIT, but if you at least make sure that the
PKINIT API/ABI does not expose ASN.1 code internals then you'll have
an easier time making the switch for PKINIT later.
More information about the krbdev