Re: What ASN.1 got right

Keith Moore <moore@network-heretics.com> Thu, 04 March 2021 19:24 UTC

Subject: Re: What ASN.1 got right
To: ietf@ietf.org
References: <20210302010731.GL30153@localhost> <0632b948-9ed1-f2bd-96da-9922ebb2aa60@mtcc.com> <YECpybvczdbKHvHx@puck.nether.net> <CAMm+LwiiySi5O1_WDc4-F9x1XfMFFvE-rEbc4uw+31DHJNEHEA@mail.gmail.com> <86b382d8-dd3c-ed0a-8dde-f0837cf10e98@mtcc.com> <21f4daa7-fe35-3d85-a7ff-b547cfe55ff7@network-heretics.com> <b542f10e-c9ec-f08e-b023-dca4f518fcc0@mtcc.com> <b3605b00-8797-b714-7bc9-82ab488b40bf@network-heretics.com> <9444a9d3-837b-8ff3-2f91-4407c496d851@mtcc.com>
From: Keith Moore <moore@network-heretics.com>
Message-ID: <6f6d8e67-e135-1314-e803-586d242ca570@network-heretics.com>
Date: Thu, 4 Mar 2021 14:24:29 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/Iqvpxfa3kUw0jRe0GVkMNGrPYFE>

On 3/4/21 2:17 PM, Michael Thomas wrote:

> My point here isn't to defend how TLS works, it's to say that almost 
> nothing requires the truly offline verification aspect that x.509 
> brings to the table.
>
Emphatically disagree. There are lots of situations requiring "truly 
offline" certificate verification.


> I can (and have) built an asymmetric key login mechanism that just puts 
> naked public keys into a user table of a database, for example. The 
> x.509-first view of the asymmetric keys world has confused a lot of 
> thinking, and had I introduced it to that mechanism it would have been 
> worlds more complex and much harder to understand. Designers should, 
> dare I say it, be looking at the actual requirements of the system 
> before settling on a particular solution.
>
Perhaps you should take your own advice.

Keith