Re: What ASN.1 got right

[Michael Thomas <mike@mtcc.com>]

On 3/1/21 9:28 PM, Phillip Hallam-Baker wrote:
> Thing about the WebPKI is that everyone seems to hate it just as much 
> today as when we originally proposed it 25 years ago. All the things 
> people keep saying were better were on the table then as well. We 
> could have a discussion about why DNSSEC is no better but that won't 
> get us anywhere.
>
> None of the systems on the table in 1995 is going to work and if you 
> want to understand why go get a machine that SHIPPED with Windows 95, 
> boot it and see what we had to work with.
>
> PKIX and the WebPKI were built for 30MHz machines with 32 bit 
> processors and 4MB of memory.
>
>
> If you want a decent PKI for user authentication you need to be 
> willing to do Internet2 for PKI and do some blue sky research.
>
> There aren't many folk doing that at the moment as BitPonzi has sucked 
> all the air out of the room.
>
> Its not ASN.1 that is the problem. Its actually Public Key crypto 
> isn't enough, you need threshold. But we are getting rid of the ASN.1 
> as well for two reasons. First, nobody is going to use our stuff if we 
> force them to do ASN.1. Second, nobody is paying me to do my stuff 
> right now but once I have it working in JSON/JSON-B, I can probably 
> find some ASN.1 aficionados to give me a consulting gig to write an 
> ASN.1 version.

TLS is water under the bridge. We got the mess of disjoint trust anchors 
and who should be trustworthy or not, but somehow it mostly works. My 
beef is with the collateral damage of that choice. ASN.1 instantly makes 
figuring out what's going on much harder. Instead of more(1) I have to 
do some arcane openssl incantation to view the contents of a 
certificate. And instead of just directly using a public key to bind to 
an identity, I have to figure out how and what CA to issue a 
certificate, blah blah blah, instantly making a simple concept far, far 
harder. And don't even get me started on business models.

Look at the complexity difference between DKIM vs. STIR which are doing 
approximately the same thing (or at least should be). I would say that 
part of STIR's failing is that they got sucked down the X.509 rathole 
requiring special root CA's so they could assert things about e.164 
addresses instead of doing the far more obvious thing that DKIM did 
which was to assign responsibility for messages to the domains sending 
them. It's not directly X.509's fault they solved the wrong problem, but 
it absolutely didn't help because it set up the mindset where solving 
the wrong problem seemed like a tractable problem when in fact it is not.

Mike


>
>
> On Mon, Mar 1, 2021 at 8:18 PM Michael Thomas <mike@mtcc.com 
> <mailto:mike@mtcc.com>> wrote:
>
>     The combination of ASN.1 and X.509 has done irreparable harm to
>     identity
>     on the internet. X.509 provides exactly one benefit: the ability to
>     verify offline that almost nobody cares about anymore. They have
>     needlessly obfuscated the contents in the case of ASN.1, and the
>     name/key binding in the case of X.509. Every security newbie
>     immediately
>     assumes that if you want to use an asymmetric key that you need X.509
>     and hence ASN.1. That is not the case and that tail has wagged way
>     too
>     many dogs.
>
>     The best you can say is that X.509 bootstrapped TLS, but it would
>     have
>     been a way better world had it been bootstrapped by DNS.
>
>     Mike, yuck.
>
>     On 3/1/21 5:07 PM, Nico Williams wrote:
>     > As an ASN.1 implementor, I can tell you things I, like many of
>     you, hate
>     > about ASN.1:
>     >
>     >   - ugly syntax (made uglier by having tags as optional lexical
>     elements)
>     >
>     >   - ugly OIDs (should have been URNs or URN-like)
>     >
>     >   - BER/DER/CER and all TLV encodings in the world (protocol
>     buffers, I'm
>     >     looking at you too) are awful
>     >
>     >   - the fact that the specs were, for a long time, non-free,
>     which led to
>     >     a dearth of open source tooling that still persists somewhat
>     (though
>     >     not as bad as it used to be)
>     >
>     >   - the fact that for years people hand-rolled their codecs due
>     to the
>     >     previous item, and so created many bugs
>     >
>     >   - X.400/X.500, which are not part of ASN.1, of course, but closely
>     >     related -- especially X.500 style naming!
>     >
>     > Having recently implemented automatic open type decoding
>     handling X.681/
>     > X.682/X.683 (see RFCs 6025 for some insight, and 5912 for real
>     examples
>     > that I'm making use of), I can tell you that ASN.1 got some things
>     > right:
>     >
>     >   - rich formalisms ("constraints")
>     >
>     >   - separation of syntax and encoding rules
>     >
>     > The fact that there are many encoding rules for ASN.1, of almost
>     every
>     > kind (binary TLV, binaray non-TLV, and textual, including XML- and
>     > JSON-based rules) proves the last point.  I can't help but see
>     how XDR,
>     > NDR, and flatbuffers, among many other encodings out there,
>     could easily
>     > be used with ASN.1.  (E.g., what XDR and NDR call "pointers" are
>     just
>     > optional fields in ASN.1.)
>     >
>     > The fact that one can implement automatic open type decoding
>     using ASN.1
>     > formalisms and those already published in, e.g., RFC 5912[*]
>     proves the
>     > utility of those formalisms.  I now get to see certificates and many
>     > other things in all their "glorious" detail as JSON, including all
>     > extensions and what not, and that's made possible by these
>     formalisms.
>     >
>     > I beg the next person to re-invent this darned wheel to please
>     educate
>     > themselves as to what came before.  Among many lessons you
>     should learn,
>     > learn that some things can't be monetized well enough, or at
>     all, or can
>     > only be monetized in exchange for limiting their adoption, so
>     figure out
>     > what your goals are, then align pricing and licensing with those.
>     >
>     > And since open types appear to be unavoidable, but also always a
>     pain if
>     > you don't have the metaschema to express the metadata needed to
>     automate
>     > their handling, don't forget to cover that.
>     >
>     > XML, of course, with namespaces and references, has a reasonable
>     > approach to open types as well.  It's not just ASN.1 that gets that
>     > right well enough.
>     >
>     > Nico
>     >
>     > [*] A big thank you to RFC 5912's authors, though sadly one of
>     them has
>     >      passed.
>     >
>