stack-rs / ctlog

A simple certificate transparency log client API wrapper
Apache License 2.0

[Todo] Using `rasn` instead of `deku` #3

Open duskmoon314 opened 1 year ago

duskmoon314 commented 1 year ago

Many responses of CT log are base64-encoded ASN.1. Thus, using rasn is more meaningful.

mpalmer commented 1 year ago

Most of the binary-encoded data structures aren't ASN.1, they're... whatever you want to call TLS' idiosyncratic packed encoding. Point a DER parser at the base64-decoded leaf_input, for instance, and it won't have the foggiest idea what to do.

duskmoon314 commented 1 year ago

In my understanding, DER is a part of ASN.1. The original thought is to use some crates instead of a self-maintained structure of the TLS certificate.

Though currently I don't have much time on this.

mpalmer commented 1 year ago

Yes, DER is a standardised encoding of ASN.1, which is itself an abstract notation for structured data.

From what I can see, you're already using a DER parser for the parts that can benefit from one -- specifically, turning the X.509 certificates (leaf and poisoned precert) into a useful structure, using x509_parser. The other data structures that are currently using deku are not DER-encoded, and are instead either JSON or the packed-value format specified in the TLS RFCs.
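An added example illustrating the distinction discussed in this thread; it is not code from ctlog or from any commenter. It parses an already base64-decoded `leaf_input` as the `MerkleTreeLeaf` structure of RFC 6962 section 3.4, which is laid out in the TLS presentation language (fixed-width integers and length-prefixed vectors) and only carries DER inside the certificate field. The names `Leaf`, `Entry`, `Reader` and `parse_leaf` are hypothetical, and the sample bytes are constructed.

```rust
#[derive(Debug, PartialEq)]
pub enum Entry {
    X509 { cert_der: Vec<u8> },
    Precert { issuer_key_hash: [u8; 32], tbs_der: Vec<u8> },
}
#[derive(Debug, PartialEq)]
pub struct Leaf { pub timestamp_ms: u64, pub entry: Entry, pub extensions: Vec<u8> }
struct Reader<'a>(&'a [u8]);
impl<'a> Reader<'a> {
    fn take(&mut self, n: usize) -> Result<&'a [u8], &'static str> {
        if self.0.len() < n { return Err("truncated"); }
        let (head, tail) = self.0.split_at(n);
        self.0 = tail;
        Ok(head)
    }
    // Fixed-width big-endian integer (n <= 8): no tag and no length octet.
    fn uint(&mut self, n: usize) -> Result<u64, &'static str> {
        Ok(self.take(n)?.iter().fold(0u64, |acc, b| (acc << 8) | u64::from(*b)))
    }
    // opaque<..>: big-endian length prefix of `len_bytes` bytes, then the data.
    fn opaque(&mut self, len_bytes: usize) -> Result<Vec<u8>, &'static str> {
        let n = self.uint(len_bytes)? as usize;
        Ok(self.take(n)?.to_vec())
    }
}

pub fn parse_leaf(input: &[u8]) -> Result<Leaf, &'static str> {
    let mut r = Reader(input);
    if r.uint(1)? != 0 { return Err("unsupported version"); } // Version: v1(0)
    if r.uint(1)? != 0 { return Err("unknown leaf type"); }   // timestamped_entry(0)
    let timestamp_ms = r.uint(8)?;                             // uint64 timestamp
    let entry = match r.uint(2)? {                             // LogEntryType (uint16)
        0 => Entry::X509 { cert_der: r.opaque(3)? },           // ASN.1Cert<1..2^24-1>
        1 => {
            let mut issuer_key_hash = [0u8; 32];
            issuer_key_hash.copy_from_slice(r.take(32)?);
            Entry::Precert { issuer_key_hash, tbs_der: r.opaque(3)? }
        }
        _ => return Err("unknown entry type"),
    };
    let extensions = r.opaque(2)?;                             // CtExtensions<0..2^16-1>
    if !r.0.is_empty() { return Err("trailing bytes"); }
    Ok(Leaf { timestamp_ms, entry, extensions })
}
fn main() {
    // Constructed sample: x509_entry, timestamp 1, 2-byte stand-in for the DER cert.
    let leaf: &[u8] = &[0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 2, 0x30, 0x00, 0, 0];
    println!("{:?}", parse_leaf(leaf));
}
```

Only `cert_der` and `tbs_der` are DER and belong in an X.509 parser; the surrounding fields have no tags for an ASN.1 decoder to follow.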