Re: [saag] ASN.1 vs. DER Encoding

[Nico Williams <nico@cryptonector.com>]

On Tue, Mar 26, 2019 at 08:38:58PM +0100, Michael Richardson wrote:
> ASN.1 is the goo the causes DER encoding to be present on the wire.

ASN.1 has a number of encoding rules options.  One can always add more.
Indeed, the IETF already has!  (Search for GSER.)

It would be more accurate to say that "ASN.1 is the goo that generally
causes us to use DER encoding", but to be truly accurate I'd rephrase it
as "often, because we've chosen DER in the past, we tend to or have to
stick to DER in the future".

E.g., if you're working on an extension to PKIX/CMS/Kerberos, it's
pretty natural to use DER for it because if you have a PKIX or Kerberos
implementation, chances are you have an ASN.1/DER implementation You
could use a different encoding, but sticking to what you already have
tooling for is the simplest thing to do.

If you're making changes to PKIX/CMS/Kerberos that don't even fit in BIT
STRING / OCTET STRING typed holes, then you must use DER.

> While it is true that ASN.1 could be used with different encoding rules,
> nobody really cares about that.   Almost nobody uses encoders/decoders that
> generate code from ASN.1 today, it's all hand-coded...
> 
> This is why we hate DER, and we like CDDL/CBOR.

It would be easier for me to adapt Heimdal's ASN.1 compiler to support
alternate encoding rules than to start from scratch or add a new syntax
to it.

The syntax is just a syntax, but by ditching ASN.1 gratouitously you
force me to spend a lot more effort on my tooling, thus creating more
new legacy, and also more old legacy if I do start from scratch (because
now I have TWO implementations of different but similar things to
maintain).

That is huge cost that CDDL is going to force on the rest of us, which
is why, unless there is some compelling reason for it, or unless there
is a straightforward mapping between the two syntaxes (which would make
clear that the one is not necessary, but at least not too problematic)
I'm opposed.

If there's a simple mapping between CDDL and ASN.1, then I'll grudgingly
accept CDDL.

>     > Maybe this distinction is not important for people that already have a
>     > good understanding of the information model, however there might be
>     > newcomers (new IETF-ers or just new to the security area) that might
>     > think the two are the same when they are not, in my opinion.
> 
> They are, from a practical point of view, the same.
> That wasn't true back in 1986, but many of the people who would make the
> mistake were not even alive then.

It's the reverse.  In 1984 BER/DER/CER were pretty much the only ERs,
and PER was a thing the ITU-T was building in response to the Internet
community's dislike of TLV encodings.  Now there's a plethora of
encoding rules.

You might say that perception trumps things, but if it's your perception
and you're not willing to consider that it's wrong, then I'd say that's
a problem because it causes me to do more work to deal with the fallout
of your incorrect perception.

CBOR is fine, and we do need better alternatives to BER/DER in the IETF,
but we don't need a new syntax.

Nico
--