Re: What ASN.1 got right

Phillip Hallam-Baker <phill@hallambaker.com> Thu, 04 March 2021 14:58 UTC

From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 04 Mar 2021 09:57:47 -0500
Message-ID: <CAMm+LwiiySi5O1_WDc4-F9x1XfMFFvE-rEbc4uw+31DHJNEHEA@mail.gmail.com>
Subject: Re: What ASN.1 got right
To: Jared Mauch <jared@puck.nether.net>
Cc: Michael Thomas <mike@mtcc.com>, IETF Discussion Mailing List <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/XyVenTYHSSvvX9Ed6OL2zVEpAbc>

On Thu, Mar 4, 2021 at 4:35 AM Jared Mauch <jared@puck.nether.net> wrote:

> On Mon, Mar 01, 2021 at 05:18:10PM -0800, Michael Thomas wrote:
> > The combination of ASN.1 and X.509 has done irreparable harm to identity on
> > the internet. X.509 provides exactly one benefit: the ability to verify
> > offline that almost nobody cares about anymore. They have needlessly
>
>         As someone who had to build my own fiber/internet access in
> a developed country, I believe the community often misses the mark in
> assuming everyone is as well connected as they are.
>
>         I encourage you to review this assumption.
>

It is really rare that people try to use TLS without Internet connectivity.
And the deployed base really isn't good at working in that mode.

Kohnfelder was originally writing for email messaging. But even then, how
do you send a mail without some connectivity?

X.509 is really optimized around the totally offline case. And that is a
bad choice for many applications. But it does work for some.