So you want to serialize some DER?

https://alexgaynor.net/2025/jun/20/serialize-some-der/

76•lukastyrychtr•7mo ago

Comments

PeeMcGee•7mo ago

The post title is misleading and the content reads more like a guerilla advertisement for claude. TL;DR: author works for Anthropic, and used claude to implement an optimization for LLVM.

quentinp•7mo ago

He’s also well respected in the Python community for maintaining the cryptography package, partially written in Rust. This is just a random blog post, not an ad.

lmm•7mo ago

Maybe. But the fact they work for Anthropic is very relevant and changes my impression of the post quite a lot.

__alexs•7mo ago

FWIW Having worked a lot with Alex on cryptography he seems almost entirely incapable of doing something that I would normally consider an advert.

Sometimes people have good experiences with tools and like to share them.

brabel•7mo ago

The author has added a note in the beginning of the post now making it clear that he works for Anthropic, which may explain the fixation on Claude Code!

benmmurphy•7mo ago

having two very different code paths for measuring the length of the DER buffer and writing the DER sounds very scary. i guess its fine with Rust but the idea would give me the heebee-jeebies for any other language unless they are using a safe buffer implementation. i would find it hard to trust that there is no buffer overflow based on divergent behaviour between the two functions.

tptacek•7mo ago

This piece starts out super-duper inside baseball (optimizing DER encoding for, in the main, X.509 certificate handling) in Rust code that is increasingly leveraged by Python's cryptography stack. But it ends up somewhere crazy: with an LLM agent apparently one-shotting an LLVM optimization, then semiformally verifying the change, which is ultimately merged by the LLVM team.

ggm•7mo ago

So many encoding rules. DER, PER. It's an xkcd cartoon but inside one asn.1 standard!

dathinab•7mo ago

it's as much one standard as OIDC is ;)

(as in it isn't one standard but a group of standards, like asn.1 without any encoding is split in ~4 standards by itself. Through to be fair all or CER, BER and DER are in the same standard. But PER is another standard, so is XER, OER, JER, GSER, RXER each and others.)

jnwatson•7mo ago

The standard is 41 years old, so there has been plenty of time for extensions.

Practically, the useful encodings are DER, which is canonical and used for crypto, and XER, which is human-readable.

It is a neat spec, chock-full of great ideas. Unfortunately, given its age, there have been many bad implementations of it.

zzo38computer•7mo ago

> There’s only one encoding I choose to acknowledge, which is DER (the Distinguished Encoding Representation, it’s got a monocle and tophat).

I also prefer to use DER, because it is better than BER and CER. DER is actually a subset of BER but BER has some messiness which is avoided by DER; because there are not as any ways to encode data by DER this makes it simpler to handle.

DER is also the format used by X.509 certificates, so this is fortunate; however, I use DER for other stuff too (since I think it is generally better than XML, JSON, CSV, etc).

I wrote a library in C to serialize and deserialize DER.

NoahZuniga•7mo ago

DER encoding is in fact unique.

simonw•7mo ago

The most interesting part of this post is the bit about half way down, where Alex uses Claude to help identify a missing compiler optimization in LLVM... and then uses Claude Code to implement that optimization and gets a PR accepted to LLVM itself! https://github.com/llvm/llvm-project/pull/142869

CJefferson•7mo ago

I feel this is going to be the thing which really boosts automated theory proving.

Up until now it's always been a hard sell, people say "Well, I can prove it myself, and that's less work than getting the computer to prove it", and they weren't completely wrong.

However, now we have LLMs which can do lots of interesting work, but really can't be trusted for anything important (like an LLVM optimisation pass, for example). If those LLMs can convince a theorem prover the LLVM optimisation pass is correct, then suddenly their output is much more useful.

tialaramex•7mo ago

One concern here is that proofs don't necessarily prove what we intuitively think they do. So we need to be very careful to understand what we actually proved.

The TLS 1.3 "Selfie attack" is an example of a gap between what we did prove and what we intuitively understood.

The formal proof for TLS 1.3 says Alice talking to Bob gets all the defined benefits of this protocol, and one option is they have a Pre-shared Key (PSK) for that conversation. They both know the same key, in that sense it's symmetric.

But the human intuition is that we're talking about an Alice+Bob key, whereas the proof says this is an Alice->Bob conversation key. If we re-use the same PSK for Bob->Alice conversations too we get the Selfie Attack, the formal proof never said we can expect that to work, it was just our intuition which confused us.

GoblinSlayer•7mo ago

The article says the proof only considered session resumption PSK, and overlooked out of band PSK, which was left for future work. Maybe if they could have a list of features, but TLS is too complex for that.

Also PSK involves sending a PSK identity, which is supposed to be used to find the PSK, in particular it can be a user name, so the server can check the user name is correct.

SectorC: A C Compiler in 512 bytes

Brookhaven Lab's RHIC concludes 25-year run with final collisions

I write games in C (yes, C)

Speed up responses with fast mode

Software factories and the agentic moment

The F Word

Hoot: Scheme on WebAssembly

Stories from 25 Years of Software Development

OpenCiv3: Open-source, cross-platform reimagining of Civilization III

First Proof

The Waymo World Model

Al Lowe on model trains, funny deaths and working with Disney

Reinforcement Learning from Human Feedback

Vocal Guide – belt sing without killing yourself

Start all of your commands with a comma (2009)

Microsoft account bugs locked me out of Notepad – Are thin clients ruining PCs?

We mourn our craft

Show HN: I saw this cool navigation reveal, so I made a simple HTML+CSS version

Coding agents have replaced every framework I used

72M Points of Interest

France's homegrown open source online office suite

The AI boom is causing shortages everywhere else

Selection Rather Than Prediction

A Fresh Look at IBM 3270 Information Display System

Unseen Footage of Atari Battlezone Arcade Cabinet Production

History and Timeline of the Proco Rat Pedal (2021)

Show HN: Kappal – CLI to Run Docker Compose YML on Kubernetes for Local Dev

Where did all the starships go?

Learning from context is harder than we thought

Show HN: Look Ma, No Linux: Shell, App Installer, Vi, Cc on ESP32-S3 / BreezyBox