search

davidben / merkle-tree-certs

Other
9 stars 2 forks source link

Double length prefix in Claim #75

Open bwesterb opened 11 months ago

bwesterb commented 11 months ago

A Claim is defined as

struct {
    ClaimType claim_type;
    opaque claim_info<0..2^16-1>;
} Claim;

For claim_type=dns, the claim_info is to be interpreted as a DNSNameList, which is defined as

opaque DNSName<1..255>;

struct {
    DNSName dns_names<1..2^16-1>;
} DNSNameList;

Thus a DNS claim for example.com is:

0000 000f 000d 000b 6578616d706c652e636f6d

The first uint16 is the type. The second is the length prefix for claim_info. The third is the length prefix for dns_names.

When writing a parser it's clear that there is a superfluous prefix in the specification. It's not that easy to express leaving it out without adding new notation to the TLS presentation language. Perhaps it's fine to leave it like this.

davidben commented 11 months ago

Yeah, the TLS presentation language tends to result in double prefixes like this. Not thrilled with it, but at least on the TLS side, folks seem to mostly just live with it.