Re: What ASN.1 got right

Nico Williams <> Wed, 03 March 2021 00:19 UTC

Date: Tue, 2 Mar 2021 18:18:25 -0600
From: Nico Williams <>
To: George Michaelson <>
Cc: Michael Thomas <>, Phillip Hallam-Baker <>, IETF Discussion Mailing List <>
Subject: Re: What ASN.1 got right

On Wed, Mar 03, 2021 at 10:00:35AM +1000, George Michaelson wrote:
> I "worked" (some might dispute it was work, or even helped) on X.500
> in UCL-CS under Steve Kille, and at CSIRO, in this time. (on Quipu)
> and at UQ in a national X500 project we ran in AARNet.
> The X.500 nameforms are complex because human names are complex. I
> have friends with one name, who are forced to enter their names twice,
> to pass input field validity checks, and who have problems at borders
> with their passport and data matching.

And yet name@domain has succeeded where X.500 failed.  That's because
people like nicknames, and name@domain is a nickname.

> X.500 is complicated because names are complicated.

Also, X.500 for naming humans isn't very complicated.  In PKIX it's
givenName, initial, surname, generation qualifier, and title.  It could
have been more complicated.  My mother had 3 middle names, for example.

It's true that somewhere one has to put complex name information, but
it's not true that one must use complex name information everywhere and
all the time.  Nor is it true that one must parse complex names into
complex data structures when simple strings might suffice.