Re: [saag] ASN.1 vs. DER Encoding

[Nico Williams <nico@cryptonector.com>]

On Tue, Mar 26, 2019 at 04:08:58PM -0400, Carl Wallace wrote:
> >> This is why we hate DER, and we like CDDL/CBOR.
> >
> >Whatever the abstract syntax, the real solution is probably more
> >widely available/used compilers.  Hand-rolled codecs will have more
> >(frequent and subtle) bugs.
> 
> Fully agree with this. The first time I had to consume CBOR/COSE the
> encoded structures were every bit as buggy as folks complain about DER/CMS
> structures. 

I recently had to review a hand-rolled codec by a seasoned developer.
It had a number of fatal security bugs, exactly as one might have
expected (as I did, going in).  Hand-coding codecs is simply very
difficult.  It's easier when you have "bits on the wire" specifications,
like TCP/IP, or when you have XDR specifications.

No one uses a compiler to generate TCP/IP packet parsers, though this
is first and foremost a result of not having anything like a
machine-readable formal language specification for TCP/IP packet
headers.

XDR is so darned obvious and simple that in Heimdal we have just library
functions for it and simply don't have or need a compiler.  The
traditional XDR compiler, rpcgen, is also very limited, so generally XDR
codecs are hand-coded using well-maintained and well-tested libraries
that make it easy.

Something similar can be said of SSHv2's encoding rules.

The ASN.1 packed-like encoding rules are XDR-like, though with 1-octet
instead of 4-octet alignment -- these too are easier to hand-code, but
because there's often an escape to BER (e.g., for encoding of lengths of
fields that cannot have fixed lengths, or encoding OIDs), it's still
tricky by comparison to XDR.

But it is a very strong truism that, whatever the encoding rules, having
a compiler for an abstract syntax that generates codecs with usable APIs
and characteristics, is inordinately easier, safer, and less time-
consuming than hand-rolling a codec for any encoding rules.

It is also a strong truism that simple syntaxes with simple encodings
admit safer hand-coding of codecs, but also that, by being informal,
also typically preclude compilation.

I would and do accept informal syntaxes and encoding rules for protocols
like SSHv2, or TLS, because a) it's already done, b) the messages are
simple enough, c) it's easy enough to build libraries that make mistakes
unlikely, d) often the implementors do not believe they have access to
proper tooling, e) having access to ASN.1 tooling doesn't help if the
only ERs you get are TLV ones.

CDDL is not an informal syntax.  For new formal syntaxes I have a higher
bar just because it is very difficult to come up with something that
ASN.1 does not already have -- unless there's a trivial mapping between
the two.

BTW, who can forget FastInfoSet?  That's... XML with transliteration to
ASN.1 and application of PER as a compression of XML.  While XER is
essentially the reverse: transliteration of ASN.1 to XML, with XML as
the encoding rules.  These, for me, prove the point that syntaxes are
likely interchangeable (so why build a new one?).

Nico
--