Re: [saag] ASN.1 vs. DER Encoding
Phillip Hallam-Baker <phill@hallambaker.com> Mon, 22 April 2019 23:15 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 705B812003E for <saag@ietfa.amsl.com>; Mon, 22 Apr 2019 16:15:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.648
X-Spam-Level:
X-Spam-Status: No, score=-1.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gXsqPxAF_gMW for <saag@ietfa.amsl.com>; Mon, 22 Apr 2019 16:15:27 -0700 (PDT)
Received: from mail-oi1-f174.google.com (mail-oi1-f174.google.com [209.85.167.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 207DC1200B1 for <saag@ietf.org>; Mon, 22 Apr 2019 16:15:27 -0700 (PDT)
Received: by mail-oi1-f174.google.com with SMTP id j132so9806546oib.2 for <saag@ietf.org>; Mon, 22 Apr 2019 16:15:27 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/uq/BuQtA/f4sBKEQW/kBCLapM8c+5Ier6Z+/sbRN0w=; b=fvWoUuzIt0OssNgVibsZP2R0sj4HLv52CQXc7z8zp9jw5f9409q6s3w9tZGgUGPG5N TbEpCjkODN1MVzx2epwHwjpWlL9nEaYiLWS92dqR8RXWY/U2Z0EoN/CJcJsE2l7Z7gm7 tsH+lf959tUqmHjNlY0hTXUz4H3fDcVkHK2DCcTq8MUif+JWwt7/jxZQI0FyC7mXHQ7P duaJMrg21IqmGXGtljf9IjtypCp6g9jGer5EuNBv6dCbLCE3gLGZ8Ual2QU3muxeuXLD RJHgpbWVJyZmC7l3b6+2xZT/06GTTzCJ2vv/tFGlSdvndr7On2u2KqeqEgP6NRd6m3MB I5iw==
X-Gm-Message-State: APjAAAWmPvs3M5dnCeQIdd1AOca360yBMNjq0pJXvAAhzuMSL86R+FA6 rcgJpdIbV/Txvg61qWYU9TfgeIU0WIy3eLW4uZ1H9w==
X-Google-Smtp-Source: APXvYqx4++FdgPeTPKHGCuFmR6aok8a374RCbFrdpUp2KE1TKrnMw382DcXHWuOcXxnuCaMh9RQ5SZ05MmdwRedfnpA=
X-Received: by 2002:aca:5c55:: with SMTP id q82mr407823oib.95.1555974926116; Mon, 22 Apr 2019 16:15:26 -0700 (PDT)
MIME-Version: 1.0
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost> <20190330153101.GT35679@kduck.mit.edu> <C3D9DD15-AB23-4B42-BA61-A4E4CD826B77@huitema.net> <F6387640-20F3-4B3C-8E61-58CAF7828CA1@tzi.org> <269bee5d-e225-3484-04ed-3e5de6c19081@cs.tcd.ie> <CAMm+Lwi1pNje_9HMYnf-gQN8scggQDTUB0z0uCsy9trtaYKBsg@mail.gmail.com> <20190422211449.GD3137@localhost>
In-Reply-To: <20190422211449.GD3137@localhost>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Mon, 22 Apr 2019 19:15:14 -0400
Message-ID: <CAMm+LwgoSSS7kTruKX=PSBGMoX6FYeJi9apS1yY_n_Dx-RMX_A@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "saag@ietf.org" <saag@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c02f9a058726a4a3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/eMHJo6FDy9gJH4HM1vRaV7IR3_A>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Apr 2019 23:15:30 -0000
On Mon, Apr 22, 2019 at 5:15 PM Nico Williams <nico@cryptonector.com> wrote: > On Mon, Apr 22, 2019 at 04:47:24PM -0400, Phillip Hallam-Baker wrote: > > It turns out there's a great deal of demand for both, a) "textual", and > b) binary encodings. And for (b), TLV kinda sucks, but it's what we've > done for 30 years in many cases. We also have "bits on the wire" > encodings. > Hence the reason I decided to smoosh in binary encodings into JSON to create a superset so that one decoder can read either the JSON or the binary version. > That's why we have all the ASN.1 encoding rules, XDR, NDR, XML, > FastInfoSet, JSON, a whole bunch of "binary JSON" formats (including > ones not brought to the IETF, such as PostgreSQL's JSONB, which is > actually quite neat), and now all the *buffers rules (protocolbuffers, > flatbuffers), and who knows what else I might be missing. Oh, and > things like MIME, which in fact are encoding rules. And SSHv2, and TLS, > and... And S-expressions, and Perl5 data dumper, and... > > Easy, safe prediction: we'll have more encoding rules soon. > True. But here is the thing, I have a series of schema driven parsers that use essentially the same schema language to create parse r for ASN.1, XML, JSON, DNS Records, TLS, RFC822, RFC821 etc. I can throw out YANG, SML Schema, Relax etc. if needs be as well. The basic principle is to allow the basic encoding to be specified (e.g. integer) plus hints if needed in addition (e.g. 16bit, 32bit, signed, Little, Big endian, etc.) Yes. The decisions made in both DER and CER make both of them difficult > to use in actuality. The ITU-T could have made better choices for a > canonical flavor of BER :( > Had they chosen to require lists, sets, etc. to use the indefinite length encoding instead, the problems would have gone away. But nobody got round to implementing until after they made that choice. > > 5) The botched DER encoding is even worse because the nested lengths is > the > > use of nested variable length length specifiers. This means that the only > > efficient strategy for encoding ASN.1 is to fill the buffer in the > REVERSE > > order starting with the last item. > > It's worse: you have to realloc as you go, or build a rope, or do one > pass to compute length and one to encode. DER is truly awful. > I use the rope trick. One thing we've learned is that we *don't* want directories or white > pages of any kind, not outside the corporate environment. > I disagree. There is a role for a personal directory mapping local names to devices and users. It just looks nothing like the nonsense of X.500 and LDAP. If I say 'close garage door', it is implicit that it is the one connected to the house I am currently in. And I want my Apple, Google, Microsoft, DEC, etc. devices to all make use of the same local names in the same way which mean that they have to be MY local names from MY directory, not whatever sludge the AI heuristics driving Siri, Alexa, Hal, etc. try to infer. Basically, if we want to sell consumers hundreds of IoT devices then we have to either admit that all that stuff we sold to enterprise customers was unnecessary and they never needed it or decide it is needed and find some way to provide the same sorts of functionalities but without the make work that enterprise software sales require.
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Peter Gutmann
- [saag] ASN.1 vs. DER Encoding Dr. Pala
- Re: [saag] ASN.1 vs. DER Encoding Yoav Nir
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Carsten Bormann
- Re: [saag] ASN.1 vs. DER Encoding Carsten Bormann
- Re: [saag] ASN.1 vs. DER Encoding Volker Birk
- Re: [saag] ASN.1 vs. DER Encoding Volker Birk
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Michael Richardson
- Re: [saag] ASN.1 vs. DER Encoding Viktor Dukhovni
- Re: [saag] ASN.1 vs. DER Encoding Carl Wallace
- Re: [saag] ASN.1 vs. DER Encoding Benjamin Kaduk
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Benjamin Kaduk
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Dr. Pala
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Peter Gutmann
- Re: [saag] ASN.1 vs. DER Encoding Peter Gutmann
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Sean Leonard
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Michael Richardson
- Re: [saag] ASN.1 vs. DER Encoding Benjamin Kaduk
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Christian Huitema
- Re: [saag] ASN.1 vs. DER Encoding Viktor Dukhovni
- Re: [saag] ASN.1 vs. DER Encoding Carsten Bormann
- Re: [saag] ASN.1 vs. DER Encoding Stephen Farrell
- Re: [saag] ASN.1 vs. DER Encoding Salz, Rich
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Salz, Rich
- Re: [saag] ASN.1 vs. DER Encoding Benjamin Kaduk
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Phillip Hallam-Baker
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Phillip Hallam-Baker
- Re: [saag] ASN.1 vs. DER Encoding Russ Housley
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Watson Ladd
- Re: [saag] ASN.1 vs. DER Encoding Phillip Hallam-Baker
- Re: [saag] ASN.1 vs. DER Encoding Michael Richardson
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Viktor Dukhovni
- Re: [saag] ASN.1 vs. DER Encoding Adrian Hope-Bailie