replacing MIT's ASN.1 code

Sam Hartman hartmans at MIT.EDU
Tue Oct 16 09:39:20 EDT 2007

>>>>> "JC" == JC Ferguson <jc at> writes:

    JC> Supporting two API's for ASN.1 encoding is an interesting
    JC> idea.  I haven't looked closely at how the current ASN.1 is
    JC> abstracted to the callers.  To do this, you'd have to insert a
    JC> 'shim' between the callers of the ASN.1 stuff and the actual
    JC> ASN.1 implementation.  Then, as you suggest, ./configure
    JC> --use-new-asn1 or some such and you get the new
    JC> implementation.

I think that supporting two APIs at the same time would be a lot of

I'd like to throw out the approach of a gradual transition.  First,
start using a2c for pkinit and for LDAP and other new structures.

Over time as we have confidence, gradually switch structures over.

The disadvantage is code size.  The advantage is hopefully maintaining


More information about the krbdev mailing list