Re: What ASN.1 got right

Michael Thomas <> Tue, 02 March 2021 18:19 UTC

Subject: Re: What ASN.1 got right
To: Dirk-Willem van Gulik <>
References: <20210302010731.GL30153@localhost> <> <>
From: Michael Thomas <>
Date: Tue, 2 Mar 2021 10:19:53 -0800

On 3/2/21 12:33 AM, Dirk-Willem van Gulik wrote:
> On 2 Mar 2021, at 02:18, Michael Thomas <> wrote:
>> The combination of ASN.1 and X.509 has done irreparable harm to identity on the internet. X.509 provides exactly one benefit: the ability to verify offline that almost nobody cares about anymore.
> Actually - to provide a counter point - with the current Covid-19 response effort - the fact that we have X.509 (and CMS, pkcs7/10) and can do off-line verification is proving to be a great asset.  As it allows for verification of signatures without the need for the verifier to instantly disclose to world+dog what they are doing. And this is in addition to the ability of any app to set up trusted connections based on cached/offline data. So I would not discount this aspect too quickly.
Er, how so? And what does it have to do with the covids? And once you rely on online CRLs, it's all the same.