replacing MIT's ASN.1 code

Ken Raeburn raeburn at MIT.EDU
Mon Oct 15 18:41:03 EDT 2007

On Oct 15, 2007, at 18:24, Nicolas Williams wrote:

>>> -----Original Message-----
>>> From: krbdev-bounces at [mailto:krbdev-bounces at]
>>> On Behalf Of Ken Raeburn
>>> Sent: Monday, October 15, 2007 17:11
>>> To: Kerberos developers list
>>> Subject: replacing MIT's ASN.1 code
> I never got this e-mail.

Weird.  Spam filter? 
October/thread.html#6263 has all the traffic so far.  (Though my  
reply to JC shows up as a separate thread for some reason.)

>>> So it's not a trivial task, but I think for long-term
> No, but it's doable; I see no showstoppers.  I think it will be a
> question of priorities.  Ideally one could build MIT krb5 with the old
> ASN.1 code or with a2c (except for future additions, which should use
> a2c exclusively) -- that would make interop and quality testing  
> easier.

I'm wary of shipping additions that only work with one of the ASN.1  
packages, while we ship both.  If we've gotten confident enough in  
the new code, we should ship only that.  If we're not that confident,  
should we be making people who want the new features depend on it?

I suppose it would be a way to incrementally convert from one to the  
other; I hadn't thought about it that way -- if we're confident in  
it, but haven't put in the work to switch everything over just yet.   
(But then how did we get to that confidence level?)  And if we decide  
we *don't* have a high confidence level in some part of it for some  
reason, and thus can't switch for certain messages, we're stuck using  
two ASN.1 packages.  (Forking and customizing A2C on our own would be  
an option, though an unpleasant one.)


More information about the krbdev mailing list