Re: [Acme] ACME or EST?

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 28 November 2014 02:30 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0ABAF1A066B for <acme@ietfa.amsl.com>; Thu, 27 Nov 2014 18:30:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MLLn3vUFy6CL for <acme@ietfa.amsl.com>; Thu, 27 Nov 2014 18:30:05 -0800 (PST)
Received: from mail-la0-x22f.google.com (mail-la0-x22f.google.com [IPv6:2a00:1450:4010:c03::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC9B91A047A for <acme@ietf.org>; Thu, 27 Nov 2014 18:30:04 -0800 (PST)
Received: by mail-la0-f47.google.com with SMTP id hz20so5037583lab.34 for <acme@ietf.org>; Thu, 27 Nov 2014 18:30:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=nv44sx+8e1tiMik29MtWDFM+mwMUnBNX51bY+9DyFhA=; b=05w0+i976tx29+i//gu2EJNe2dZZKxGKdhKgt+Xa6cMJO3D9VREupb0WGuS5/QKrx8 GQwg5x0nrLLwMG63+Q7cWqlljiNbonADAB/L7xeaZJM3H9Cr7iIQEc1TQxkKnIhvS0AG 09Um7Wusf0pFqh0pTd72JXAuz1rw5vVI4lnWAaPC7qGM9agU44l/pTZ21iEhpmDB1iyi 93mLliINn1vl7+1aERDCfN2/UuTCytth2SUEa1OEKYPOywQ5Yn4fIfxNBmEu1oR8l0Dj 9pdBFcGC2sC3Dvs07ZeK2kKQbfJ74Emo/6eZE3AfHBSyzCy0UjMU7rlaOlh0jRR6fx7/ xlEA==
MIME-Version: 1.0
X-Received: by 10.152.87.67 with SMTP id v3mr39538299laz.97.1417141803267; Thu, 27 Nov 2014 18:30:03 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.112.34.212 with HTTP; Thu, 27 Nov 2014 18:30:03 -0800 (PST)
In-Reply-To: <DM2PR0301MB0655D5E0292BAE408C92B3B7A8710@DM2PR0301MB0655.namprd03.prod.outlook.com>
References: <AD5940AA-6F01-4D0E-A4E0-19AEA56BBED3@vpnc.org> <CAL02cgTgpjQffow2XuaNuT7BtqYVttXdVUgyqBFbsAbN4g0VzQ@mail.gmail.com> <DEC7A8A8-563D-41B3-94AC-71DC7219D3F8@cisco.com> <CAHOTMVLJFQsKUVaZueeqx4NRtzM+a4asU14YnQPC+2LHQCtcEQ@mail.gmail.com> <54752FD9.6040708@cs.tcd.ie> <m27fyg4yzg.wl%randy@psg.com> <CAMm+LwjOgYistjb8jo_aw0jJ9+0YpL++Y4yJONj1rCGG0kC94A@mail.gmail.com> <DM2PR0301MB0655D5E0292BAE408C92B3B7A8710@DM2PR0301MB0655.namprd03.prod.outlook.com>
Date: Thu, 27 Nov 2014 21:30:03 -0500
X-Google-Sender-Auth: vcXHWyCYn1mJDt3kB4bm-Y5tq5E
Message-ID: <CAMm+LwhwthKmjGm-uebjcDm_4Uy57pt0v7--J8MvTWKEftbx4w@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Christian Huitema <huitema@microsoft.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/tU_RdqbFMHOTuBBeBVW9AAFlDfU
Cc: "acme@ietf.org" <acme@ietf.org>
Subject: Re: [Acme] ACME or EST?
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Nov 2014 02:30:06 -0000

On Thu, Nov 27, 2014 at 5:42 PM, Christian Huitema
<huitema@microsoft.com> wrote:
>> One of the many reasons to drop ASN.1, particularly the Deranged Encoding Rules.
>>
>> The type of coding error that comes up is as follows:
>>
>> Tag Length[ Tag Length [Value]]
>>
>> Lets say each atom has a length of 1 byte, this would be coded
>>
>> xx 03 xx 01 xx
>>
>> Now what happens if the coder is wrong and instead gives:
>>
>> xx 99 xx 01 xx
>>
>> Buffer overrun error time!
>
> On the other hand, there is enough information in the BER/DER encoding to perform run time verifications and avoid these overruns. It falls in the general category of "never trust input received from the network."

But as a programer responsible for the security of the code, that
means I can't just take an off the shelf ASN.1 library and use it. I
have to roll my own to be sure the checks are made. Which in fact is
what I do.

So the existence of ASN.1 tools does nothing to reduce the impact of
the needless complexity.


> I am not sure that the message description language matters very much, the quality of the implementation matters much more. And, as far as protocol go, better keep the syntax as simple as possible. But you are right about the level of "exotic complexity" in ASN.1. It does not help.


That is why I would like us to stick to one data model and at most two
encodings of that data model going forward. Those being text and
binary.