IETF Logo Mail Archive

Re: [saag] ASN.1 vs. DER Encoding

Christian Huitema <huitema@huitema.net> Sun, 31 March 2019 03:44 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E977120127 for <saag@ietfa.amsl.com>; Sat, 30 Mar 2019 20:44:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level:
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qi3g_ZSfNqeR for <saag@ietfa.amsl.com>; Sat, 30 Mar 2019 20:44:01 -0700 (PDT)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 47F5512011D for <saag@ietf.org>; Sat, 30 Mar 2019 20:43:56 -0700 (PDT)
Received: from xsmtp06.mail2web.com ([168.144.250.232]) by mx147.antispamcloud.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.89) (envelope-from <huitema@huitema.net>) id 1hARNk-000qkB-2r for saag@ietf.org; Sun, 31 Mar 2019 05:43:54 +0200
Received: from [10.5.2.12] (helo=xmail02.myhosting.com) by xsmtp06.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1hARNX-0006vB-AS for saag@ietf.org; Sat, 30 Mar 2019 23:43:28 -0400
Received: (qmail 28042 invoked from network); 30 Mar 2019 18:43:24 -0000
Received: from unknown (HELO [10.252.110.129]) (Authenticated-user:_huitema@huitema.net@[198.134.98.50]) (envelope-sender <huitema@huitema.net>) by xmail02.myhosting.com (qmail-ldap-1.03) with ESMTPA for <kaduk@mit.edu>; 30 Mar 2019 18:43:23 -0000
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Christian Huitema <huitema@huitema.net>
X-Mailer: iPhone Mail (16D57)
In-Reply-To: <20190330153101.GT35679@kduck.mit.edu>
Date: Sat, 30 Mar 2019 11:43:22 -0700
Cc: Nico Williams <nico@cryptonector.com>, "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <C3D9DD15-AB23-4B42-BA61-A4E4CD826B77@huitema.net>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost> <20190330153101.GT35679@kduck.mit.edu>
To: Benjamin Kaduk <kaduk@mit.edu>
X-Originating-IP: 168.144.250.232
X-Spampanel-Domain: xsmtpout.mail2web.com
X-Spampanel-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-Spampanel-Outgoing-Class: ham
X-Spampanel-Outgoing-Evidence: Combined (0.07)
X-Recommended-Action: accept
X-Filter-ID: EX5BVjFpneJeBchSMxfU5lrJtdcpY/4G7YGwwUmWvqp602E9L7XzfQH6nu9C/Fh9KJzpNe6xgvOx q3u0UDjvO4aMtG2lQcetUzONmBGEKwds1ujulqUFmMITHM77eiVi+Z/F5GkA5Zc/R72EJgnNic7i TvJ2/ZGzVWB9scFAaCdIFaUvXN+CI+RGy3Me16pB8RBibF9DNITiqTP9hfS9zU5EpHPznVavQp4h 1cyzxbRC4xvs/7iGgDKhZ45D5vihvZAdx4vjUFLh0kXGIOazxFpgLxqZUFZdwbOLffZB9SIbeA2G NaAif0QyGEAJd8kel+zffa+S3paXsykGResyE7dAzbZabvf4+eAvvSn0D5YzxzA4C4+ILjmdkQoL 6F7cCSavQBrPoagEXfZ210Cx8bwqyT5p50x81ZKcmzCu2U1l0pLLr6Q2GfeLeJGF+80DrsibCyBr x+YtCB8oetqRijWKtLT9WR57oxUvRixjadcobnduoQv5Sp6y3SmK1n5SK/lIPtlUiBhTzlv5XU8Y E2iH1Wgh6RAenBR+licROGZo/5bs71XwBmcfZ8NfeEmrvy7NvAbxEgZSsI+HSLa0ceWBBulHluUZ /Ien+66f/ypk354Leo8WHhg9Xcph2esmZk4AVtnYApSiFQp1w3dnUjMTi5Xt/sRoctxyu5EZ7wRl sQ6lNTZIrBtlLeoEHaVN0z6bhalFEM/pjPCQA+BAlsmxjTcEgjAf7uHQSebz5itZYSpQQtCkh8qZ SV0LCxteLaZEAHk2LN6MCYMXWHrmyKiE/9fhE5t2jvMC1yN4N4ghu1/rdU1t/SWu+yxj6TsAzBpI RKEYj3P5LT70ZY4uKy6Ua8iVFQnyU0X+eDelmfS9UshveVgoiypAicYsWUtdqW+JovcC0XtHTtan zqbG/I4cvttr0tmBjeIn/Z/emtVQvYq5Gwe6V5p1dZXUJLl9UHdlPJIlgYKUOVb4Kg3Ivfi62j4u w/K+m8SGihSRsuS3byv3CjhKpQiDxiH2EAzS5xSvMev/h5X3p2+rThvFRg==
X-Report-Abuse-To: spam@quarantine9.antispamcloud.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/2526aCoc1_aJ0kzUy4BttoeKzXU>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2019 03:44:04 -0000

 

> On Mar 30, 2019, at 8:31 AM, Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> N.b. that the protocol descriptions in RFC 8446 were run through an
> automated syntax checker (IIRC, by Kazuho, though I'm not confident of that
> and only bought 20MB of data for this  plane flight).  So I'm not entirely
> convinced that this claim applies to TLS 1.3.

The TLS messages are defined with a formal syntax. It may be an ad hoc syntax, but the descriptions are readable and verifiable by compilation or verification tools.

The TLS syntax appears specifically designed to avoid many of the pitfalls TLV encodings. For example, the syntax defines the fixed encoding length of all integer and length fields, and uses intermediate octet array encodings for extensions. It is certainly much easier to get right than BER or DER.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email