Re: What ASN.1 got right

George Michaelson <> Wed, 03 March 2021 02:10 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6355B3A168C for <>; Tue, 2 Mar 2021 18:10:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.9
X-Spam-Status: No, score=-0.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, BIGNUM_EMAILS=1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id A-8gsff6jxo9 for <>; Tue, 2 Mar 2021 18:10:28 -0800 (PST)
Received: from ( [IPv6:2a00:1450:4864:20::129]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 07E8B3A1689 for <>; Tue, 2 Mar 2021 18:10:27 -0800 (PST)
Received: by with SMTP id p21so34507703lfu.11 for <>; Tue, 02 Mar 2021 18:10:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lUYUja6Exi2Hr/Jz3clXild3qXPELaov6B968v7Do04=; b=01uxTUuP68xuGSbyVuBaApuoiCvmH9CgGUHhkrMquAtP2uWlgU1GJwofX6iAZuoYBJ m7Qmnl+VGYowMASS3nDpYydVzPqPjdcN/JMyuR9sGXy/sHteJTuBeVSBI2vmW2qNWZLk 5Qjg3EVF3jJttJo4fIkhmFa6VW6UgZ2uTDKMnP4Uk9TgKM+LETKQnMxkI8LgV6nCihPI ysyiqwVxJx4W33o8GylxwNg8K0GKRGN+YxzV+7qst9lHR6pUomahbZLRmFU6AtpqgHXR pMnoBh1f1W77IEFqeUBuM+0z0IlJMpgwRkN/yULlDdXq4eSs1CndFjvfUdaKhtWPuVKW HKdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lUYUja6Exi2Hr/Jz3clXild3qXPELaov6B968v7Do04=; b=XXTKOZPpVysCzqvDzIQiO6dT2xrbuG/yvWzQOK0TolZU2HH7VFeCNvFPiwtNXGScoy wFzrZ64Zzk+DXSEXnf4+k4QdV5/cjZ+pRUe2P3MPZ84IyYIzqFapRgacTUf6E3a2b8bo Gh16zlJF/3Ai/vZrRTU9DRLssQOSKCezH26XydY3C+BBTeB04fn+GRe66r6eIvNU4yhF 1w6yhPlM+7cQeWlu7VvW313JQB66vNwSA6ygpx7M8Qa9aejVOtq5hMi2VqhSgz7L3f88 +rkIgTLu98hpq0TookYKwqRpY9WVW5KZF/YSkpTA+yyLU+6X0O8ZDhTRGuO/bv1SxGdq ETag==
X-Gm-Message-State: AOAM5311z9wdXFD3frWaKGYxvzh2VC8qO/j9B+cjPuIztqAQbWiJT+P5 yj/BIcYaZd1p3YZPlQg2426qWNcPSX7qXe/Byy3FJxL/hms=
X-Google-Smtp-Source: ABdhPJzfl6ubhMYQHOILTi9roMQZSblCvvbNz1BwdPir3yQ5dtP9l3fBXvoVY26vX/mOVDmJ6TNHP7mY0DHlWuRMeEs=
X-Received: by 2002:a05:6512:22c2:: with SMTP id g2mr14310730lfu.634.1614737425056; Tue, 02 Mar 2021 18:10:25 -0800 (PST)
MIME-Version: 1.0
References: <> <> <> <20210302183901.GV30153@localhost> <> <> <> <> <> <> <20210302234928.GX30153@localhost> <> <>
In-Reply-To: <>
From: George Michaelson <>
Date: Wed, 3 Mar 2021 12:10:13 +1000
Message-ID: <>
Subject: Re: What ASN.1 got right
To: Christian Huitema <>
Cc: IETF Discussion Mailing List <>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <>
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 03 Mar 2021 02:10:31 -0000

I think you worked on this far more than me, and I think your work on
this was far more important than mine. Mainly, I recall you hosting
the collaborative workshop in INRIA and my pleasure at red wine and
fresh fruit for lunch, from the refectory. Happy days!

I don't  disagree with anything you say Christian. Your point is (to
me at least) people want simpler forms to use in everyday life.

If however, you drive X.500 into use for structural naming against
government process, documents, your legal status against other people,
rank (in the military) then these complexities surface very rapidly.
Lying underneath, is the problem in the US where some people never
completely recover from identity theft because these structural forms
were not properly respected, and simpler use of names and identity
were overwritten. When you fill in paperwork, which is going to mint a
digital identity, there is what CN and SN have become. When you want
to find the correct instance of somebody against the 1000 other people
with "the same name" it becomes important which field was used for
which element.

X.500's complexity reflects goal-seeking to "but what is the
functionally correct attribute in a model, for this data" when names
tend more towards "what do you call yourself, and how unique is this
in context"



On Wed, Mar 3, 2021 at 10:20 AM Christian Huitema <> wrote:
> On 3/2/2021 4:00 PM, George Michaelson wrote:
> > X.500 is complicated because names are complicated.
> Well, no. George, I worked on X.500 at the same time you did, and my
> conclusions are different. X.500 names main source of gratuitous
> complexity what that they embedded an arbitrary hierarchy. If I remember
> correctly, the name hierarchy in X.500 embedded things like country
> name, telecom company name, city, street, company (aka, organization),
> department (a.k.a., organization unit), maybe several levels of those,
> and then common name. Some attributes did not identify the person at
> all, but where there to route the query to relevant database. Many of
> these attributes are useful when searching for "Jane in Marketing", but
> the fact is that pretty much each of those attributes have different
> possible values like short or long versions, and that they are probably
> not all required to identify the person. In order to manage the system,
> users were expected to pick a specific subset of "distinguished"
> attributes, which would have enough routing information in them to find
> the relevant database and then uniquely identify an entry in that
> database -- that's why the X.500 names in certificates are called
> "distinguished names". Suffice to say that people found it way easier to
> refer to "".com".
> -- Christian Huitema