IETF Logo Mail Archive

Re: [saag] ASN.1 vs. DER Encoding

Nico Williams <nico@cryptonector.com> Tue, 26 March 2019 22:11 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2ED621200B9 for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 15:11:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9bdn_o65zcsu for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 15:11:02 -0700 (PDT)
Received: from common.maple.relay.mailchannels.net (common.maple.relay.mailchannels.net [23.83.214.38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D826120058 for <saag@ietf.org>; Tue, 26 Mar 2019 15:11:02 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 9363B1419F0; Tue, 26 Mar 2019 22:11:01 +0000 (UTC)
Received: from pdx1-sub0-mail-a5.g.dreamhost.com (100-96-4-94.trex.outbound.svc.cluster.local [100.96.4.94]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 9AC481415A6; Tue, 26 Mar 2019 22:11:00 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a5.g.dreamhost.com ([TEMPUNAVAIL]. [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.17.2); Tue, 26 Mar 2019 22:11:01 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Soft-Wide-Eyed: 1da4794a556d9276_1553638261114_3412191686
X-MC-Loop-Signature: 1553638261114:2222414837
X-MC-Ingress-Time: 1553638261114
Received: from pdx1-sub0-mail-a5.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a5.g.dreamhost.com (Postfix) with ESMTP id C6B0E7FC30; Tue, 26 Mar 2019 15:10:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=0vCExuSNIvuRay mffuhJd5aYTcY=; b=JevCB7SD4yWIpwkfiy407Uh0axXV4Rl832qfSU4k7MdSl6 IyAdCouihBso846WP5lrCX8zq6nwr9wF3M9TJaTVu+86OHJGaVZRQb1OJm9+FxPl FCHI2k4IiepE59wWFyA1Bm2KIYms/4H08O6mT8hOdqPHUuEKYPVZIfIH7Ox34=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a5.g.dreamhost.com (Postfix) with ESMTPSA id 89D177FC3A; Tue, 26 Mar 2019 15:10:57 -0700 (PDT)
Date: Tue, 26 Mar 2019 17:10:55 -0500
X-DH-BACKEND: pdx1-sub0-mail-a5
From: Nico Williams <nico@cryptonector.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190326221053.GD4211@localhost>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <20190326215626.GS86501@kduck.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20190326215626.GS86501@kduck.mit.edu>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedutddrkedtgdduvddvucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgdpffftgfetoffjqffuvfenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepfffhvffukfhfgggtuggjfgesthdtredttdervdenucfhrhhomheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqeenucfkphepvdegrddvkedruddtkedrudekfeenucfrrghrrghmpehmohguvgepshhmthhppdhhvghloheplhhotggrlhhhohhsthdpihhnvghtpedvgedrvdekrddutdekrddukeefpdhrvghtuhhrnhdqphgrthhhpefpihgtohcuhghilhhlihgrmhhsuceonhhitghosegtrhihphhtohhnvggtthhorhdrtghomheqpdhmrghilhhfrhhomhepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomhdpnhhrtghpthhtohepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomhenucevlhhushhtvghrufhiiigvpedt
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Goii-pbmDfFikAIgzqJI4CMaOjI>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 22:11:05 -0000

On Tue, Mar 26, 2019 at 04:56:26PM -0500, Benjamin Kaduk wrote:
> On Tue, Mar 26, 2019 at 04:48:18PM -0500, Nico Williams wrote:
> > I wrote earlier that:
> > 
> > > And then they (rightly!) hate BER/DER/CER, so they propose inventing
> > > something new, often badly.  In this field, there is nothing new.  I'm
> > > sure even flatbuffers isn't new.
> > > 
> > > I say "rightly" because TLV encodings are just terrible.  We really do
> > > need non-TLV encodings (see below).
> > 
> > Now to back up that assertion:
> > 
> > 1) TLV encodings are bloated by nature due to being highly redundant.
> 
> Before I dig in too far to the rest, just to check: you're limiting to TLV
> encodings that are nested and still do TLV at every level of the hierarchy?
> I can't tell if you don't like things that are more like "a flat array of
> things, each of which has tag, length, and (usually not nested) value.

The former.  Specifically the BER family of encoding rules.

I indicated further down that it's not possible or easy to entirely
avoid nested lengths, but that TLV ERs necessarily have many more of
them than is absolutely necessary.

Each unnecessary length nesting is one more place where a careless or
inexperienced programmer can make a serious mistake in a hand-rolled
codec.

Sure, we should all be using Rust, and none should be hand-coding a
codec, which, if it were the case, would limit the TLV damage to bloat,
and possibly precluding on-line encoding (see further below in my post).

Bloat, however, is still a problem.

If you have tooling, then there's no use whatsoever to TLV ERs for new
protocols, and then you don't need to suffer even just the bloat.

Nico
--

v2.23.0 | Report a Bug | By Email