replacing MIT's ASN.1 code

Nicolas Williams Nicolas.Williams at
Mon Oct 15 18:57:24 EDT 2007

On Mon, Oct 15, 2007 at 06:41:03PM -0400, Ken Raeburn wrote:
> I'm wary of shipping additions that only work with one of the ASN.1  
> packages, while we ship both.  If we've gotten confident enough in  
> the new code, we should ship only that.  If we're not that confident,  
> should we be making people who want the new features depend on it?

I would have more confidence in a2c than in new hand-crafted DER code.
But I'd have marginally more confidence in old, stable, debugged
hand-crafted DER code than in a2c, though eventually I'd have more
confidence in a2c period.

> I suppose it would be a way to incrementally convert from one to the  
> other; I hadn't thought about it that way -- if we're confident in  
> it, but haven't put in the work to switch everything over just yet.   

The best rationale for shipping support for both is that you can more
easily do interop testing (not only initially but as bugs are fixed).
But I'm not sure that holds up.  In which case the best path is to just
switch -- eventually you'll want to, it's just a matter of time :)

More information about the krbdev mailing list