Re: [saag] ASN.1 vs. DER Encoding
Nico Williams <nico@cryptonector.com> Tue, 26 March 2019 22:27 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D10CF120071 for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 15:27:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g9D8VL4UcJQc for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 15:27:52 -0700 (PDT)
Received: from eastern.maple.relay.mailchannels.net (eastern.maple.relay.mailchannels.net [23.83.214.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBCB9120072 for <saag@ietf.org>; Tue, 26 Mar 2019 15:27:51 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 4D0606A23DC; Tue, 26 Mar 2019 22:27:50 +0000 (UTC)
Received: from pdx1-sub0-mail-a5.g.dreamhost.com (100-96-9-134.trex.outbound.svc.cluster.local [100.96.9.134]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 9EA516A25CA; Tue, 26 Mar 2019 22:27:49 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a5.g.dreamhost.com ([TEMPUNAVAIL]. [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.17.2); Tue, 26 Mar 2019 22:27:50 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Spicy-Thoughtful: 388612fb77cfe705_1553639270098_3289543994
X-MC-Loop-Signature: 1553639270098:1957264116
X-MC-Ingress-Time: 1553639270098
Received: from pdx1-sub0-mail-a5.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a5.g.dreamhost.com (Postfix) with ESMTP id 5B1CA7FC47; Tue, 26 Mar 2019 15:27:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=2y0EntSCxzqkEa 9sqsmAjhxIvC0=; b=ZoHnbfaUza5MnGqjypgBw3PPm/4Kotv5m+K9TqjBSlV8Bx OwvPhWO/wBEqNIZmSiUUi8RH8mYVF1A1/Aoq+AzjsoXNjTsdkVHWIsSXjfWz7k1A t+tpv+3jhYdZ91mRWo7ZmvpcHzcs57PwcMPdHAW86WGt71TIAzaWQNhvJGhvY=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a5.g.dreamhost.com (Postfix) with ESMTPSA id 81F107FC3E; Tue, 26 Mar 2019 15:27:43 -0700 (PDT)
Date: Tue, 26 Mar 2019 17:27:41 -0500
X-DH-BACKEND: pdx1-sub0-mail-a5
From: Nico Williams <nico@cryptonector.com>
To: Carl Wallace <carl@redhoundsoftware.com>
Cc: saag@ietf.org
Message-ID: <20190326222740.GE4211@localhost>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org> <20198.1553629138@dooku.sandelman.ca> <20190326200103.GR3822@straasha.imrryr.org> <D8BFFE5D.D8084%carl@redhoundsoftware.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <D8BFFE5D.D8084%carl@redhoundsoftware.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedutddrkedtgdduvdeiucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuggftfghnshhusghstghrihgsvgdpffftgfetoffjqffuvfenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepfffhvffukfhfgggtuggjfgesthdtredttdervdenucfhrhhomheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqeenucfkphepvdegrddvkedruddtkedrudekfeenucfrrghrrghmpehmohguvgepshhmthhppdhhvghloheplhhotggrlhhhohhsthdpihhnvghtpedvgedrvdekrddutdekrddukeefpdhrvghtuhhrnhdqphgrthhhpefpihgtohcuhghilhhlihgrmhhsuceonhhitghosegtrhihphhtohhnvggtthhorhdrtghomheqpdhmrghilhhfrhhomhepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomhdpnhhrtghpthhtohepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomhenucevlhhushhtvghrufhiiigvpedt
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/cW5aYR_7bKHD2VcsNxG-FtWwqT4>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 22:27:54 -0000
On Tue, Mar 26, 2019 at 04:08:58PM -0400, Carl Wallace wrote: > >> This is why we hate DER, and we like CDDL/CBOR. > > > >Whatever the abstract syntax, the real solution is probably more > >widely available/used compilers. Hand-rolled codecs will have more > >(frequent and subtle) bugs. > > Fully agree with this. The first time I had to consume CBOR/COSE the > encoded structures were every bit as buggy as folks complain about DER/CMS > structures. I recently had to review a hand-rolled codec by a seasoned developer. It had a number of fatal security bugs, exactly as one might have expected (as I did, going in). Hand-coding codecs is simply very difficult. It's easier when you have "bits on the wire" specifications, like TCP/IP, or when you have XDR specifications. No one uses a compiler to generate TCP/IP packet parsers, though this is first and foremost a result of not having anything like a machine-readable formal language specification for TCP/IP packet headers. XDR is so darned obvious and simple that in Heimdal we have just library functions for it and simply don't have or need a compiler. The traditional XDR compiler, rpcgen, is also very limited, so generally XDR codecs are hand-coded using well-maintained and well-tested libraries that make it easy. Something similar can be said of SSHv2's encoding rules. The ASN.1 packed-like encoding rules are XDR-like, though with 1-octet instead of 4-octet alignment -- these too are easier to hand-code, but because there's often an escape to BER (e.g., for encoding of lengths of fields that cannot have fixed lengths, or encoding OIDs), it's still tricky by comparison to XDR. But it is a very strong truism that, whatever the encoding rules, having a compiler for an abstract syntax that generates codecs with usable APIs and characteristics, is inordinately easier, safer, and less time- consuming than hand-rolling a codec for any encoding rules. It is also a strong truism that simple syntaxes with simple encodings admit safer hand-coding of codecs, but also that, by being informal, also typically preclude compilation. I would and do accept informal syntaxes and encoding rules for protocols like SSHv2, or TLS, because a) it's already done, b) the messages are simple enough, c) it's easy enough to build libraries that make mistakes unlikely, d) often the implementors do not believe they have access to proper tooling, e) having access to ASN.1 tooling doesn't help if the only ERs you get are TLV ones. CDDL is not an informal syntax. For new formal syntaxes I have a higher bar just because it is very difficult to come up with something that ASN.1 does not already have -- unless there's a trivial mapping between the two. BTW, who can forget FastInfoSet? That's... XML with transliteration to ASN.1 and application of PER as a compression of XML. While XER is essentially the reverse: transliteration of ASN.1 to XML, with XML as the encoding rules. These, for me, prove the point that syntaxes are likely interchangeable (so why build a new one?). Nico --
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Peter Gutmann
- [saag] ASN.1 vs. DER Encoding Dr. Pala
- Re: [saag] ASN.1 vs. DER Encoding Yoav Nir
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Carsten Bormann
- Re: [saag] ASN.1 vs. DER Encoding Carsten Bormann
- Re: [saag] ASN.1 vs. DER Encoding Volker Birk
- Re: [saag] ASN.1 vs. DER Encoding Volker Birk
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Michael Richardson
- Re: [saag] ASN.1 vs. DER Encoding Viktor Dukhovni
- Re: [saag] ASN.1 vs. DER Encoding Carl Wallace
- Re: [saag] ASN.1 vs. DER Encoding Benjamin Kaduk
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Benjamin Kaduk
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Dr. Pala
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Peter Gutmann
- Re: [saag] ASN.1 vs. DER Encoding Peter Gutmann
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Sean Leonard
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Michael Richardson
- Re: [saag] ASN.1 vs. DER Encoding Benjamin Kaduk
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Christian Huitema
- Re: [saag] ASN.1 vs. DER Encoding Viktor Dukhovni
- Re: [saag] ASN.1 vs. DER Encoding Carsten Bormann
- Re: [saag] ASN.1 vs. DER Encoding Stephen Farrell
- Re: [saag] ASN.1 vs. DER Encoding Salz, Rich
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Salz, Rich
- Re: [saag] ASN.1 vs. DER Encoding Benjamin Kaduk
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Phillip Hallam-Baker
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Phillip Hallam-Baker
- Re: [saag] ASN.1 vs. DER Encoding Russ Housley
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Watson Ladd
- Re: [saag] ASN.1 vs. DER Encoding Phillip Hallam-Baker
- Re: [saag] ASN.1 vs. DER Encoding Michael Richardson
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Viktor Dukhovni
- Re: [saag] ASN.1 vs. DER Encoding Adrian Hope-Bailie