IETF Logo Mail Archive

Re: [saag] ASN.1 vs. DER Encoding

Benjamin Kaduk <kaduk@mit.edu> Sat, 30 March 2019 15:31 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F4EC12023B for <saag@ietfa.amsl.com>; Sat, 30 Mar 2019 08:31:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xeVi6yIJwA4W for <saag@ietfa.amsl.com>; Sat, 30 Mar 2019 08:31:12 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3523120228 for <saag@ietf.org>; Sat, 30 Mar 2019 08:31:11 -0700 (PDT)
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x2UFV2Ql007842 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 30 Mar 2019 11:31:04 -0400
Date: Sat, 30 Mar 2019 10:31:02 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Nico Williams <nico@cryptonector.com>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190330153101.GT35679@kduck.mit.edu>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20190327151545.GG4211@localhost>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/c5oNsNLw04r9hnbpNA5thSRBQZI>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Mar 2019 15:31:26 -0000

On Wed, Mar 27, 2019 at 10:15:46AM -0500, Nico Williams wrote:
> On Wed, Mar 27, 2019 at 09:45:16AM +0000, Peter Gutmann wrote:
> 
> > >Thus there is almost zero benefit to self-describing encodings.
> > 
> > ... apart from the fact that they can be statically analysed to check whether
> > they're well-formed or not, unlike the encodings in PGP, TLS, IPsec, SSH, ...
> 
> The protocols you list don't use a formal syntax, which instantly makes
> validity checking harder (can't generate the code!).  But if they had
> used XDR, or ASN.1 with PER/OER/..., you could in fact automatically
> check the validity of the encoding of a message.

N.b. that the protocol descriptions in RFC 8446 were run through an
automated syntax checker (IIRC, by Kazuho, though I'm not confident of that
and only bought 20MB of data for this  plane flight).  So I'm not entirely
convinced that this claim applies to TLS 1.3.

-Ben

v2.23.0 | Report a Bug | By Email