IETF Logo Mail Archive

Re: [saag] ASN.1 vs. DER Encoding

Benjamin Kaduk <kaduk@mit.edu> Wed, 03 April 2019 03:05 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E73112045D for <saag@ietfa.amsl.com>; Tue, 2 Apr 2019 20:05:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pxsc6lQj6mX1 for <saag@ietfa.amsl.com>; Tue, 2 Apr 2019 20:05:17 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0A11E12044F for <saag@ietf.org>; Tue, 2 Apr 2019 20:05:16 -0700 (PDT)
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x33354R1020489 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 2 Apr 2019 23:05:06 -0400
Date: Tue, 02 Apr 2019 22:05:04 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Nico Williams <nico@cryptonector.com>, Kazu Yamamoto <kazu@iij.ad.jp>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190403030503.GI54777@kduck.mit.edu>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost> <20190330153101.GT35679@kduck.mit.edu> <20190330222534.GK4211@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20190330222534.GK4211@localhost>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/LqMNDQejtF6H3e1Nucpi9TMxk34>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Apr 2019 03:05:19 -0000

On Sat, Mar 30, 2019 at 05:25:35PM -0500, Nico Williams wrote:
> On Sat, Mar 30, 2019 at 10:31:02AM -0500, Benjamin Kaduk wrote:
> > On Wed, Mar 27, 2019 at 10:15:46AM -0500, Nico Williams wrote:
> > > On Wed, Mar 27, 2019 at 09:45:16AM +0000, Peter Gutmann wrote:
> > > > >Thus there is almost zero benefit to self-describing encodings.
> > > > 
> > > > ... apart from the fact that they can be statically analysed to check whether
> > > > they're well-formed or not, unlike the encodings in PGP, TLS, IPsec, SSH, ...
> > > 
> > > The protocols you list don't use a formal syntax, which instantly makes
> > > validity checking harder (can't generate the code!).  But if they had
> > > used XDR, or ASN.1 with PER/OER/..., you could in fact automatically
> > > check the validity of the encoding of a message.
> > 
> > N.b. that the protocol descriptions in RFC 8446 were run through an
> > automated syntax checker (IIRC, by Kazuho, though I'm not confident of that
> > and only bought 20MB of data for this  plane flight).  So I'm not entirely
> > convinced that this claim applies to TLS 1.3.
> 
> ISTR hearing about that, but the RFC does say:
> 
>   3.  Presentation Language
> 
>      This document deals with the formatting of data in an external
>      representation.  The following very basic and somewhat casually
>      defined presentation syntax will be used.
> 
> which is basically saying it's not a formal syntax.

We never bothered to remove the disclaimer, but the meaning is well-defined
and that's really all you need to make it a "formal syntax".  That text
seems unchanged from RFC 5246 (which really was a bit more slapdash about
the formal definition).

> Now, perhaps it can be be formalized.  If so, was that done for the
> checking you mentioned, and was it lost?  That would be unfortunate.
> 
> Are there implementations that generate codecs for TLS?

It looks like (per https://github.com/tlswg/tls13-spec/pull/999) I was
thinking of Kazu Yamamoto's
https://github.com/kazu-yamamoto/tls13-spec-validator which I guess will
generate haskell for the presentation language.
https://github.com/tlswg/tlswg-wiki/blob/master/IMPLEMENTATIONS.md does
list a Haskell implementation with Kazu as author (if we chase the link).
But I don't know if the implementation uses the generated code directly or
not.

Kazu, can you enlighten us?

Thanks,

Ben

v2.23.0 | Report a Bug | By Email