Re: [saag] ASN.1 vs. DER Encoding

Sean Leonard <dev+ietf@seantek.com> Wed, 27 March 2019 16:14 UTC

From: Sean Leonard <dev+ietf@seantek.com>
Message-Id: <BC810910-8A30-4758-AE2E-2D2E2F3068D7@seantek.com>
Date: Wed, 27 Mar 2019 17:14:11 +0100
In-Reply-To: <20190327151545.GG4211@localhost>
Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "Dr. Pala" <madwolf@openca.org>, Nico Williams <nico@cryptonector.com>
To: "saag@ietf.org" <saag@ietf.org>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/hItn6-uII0i-nlkgLWSDCxQZxNk>
Subject: Re: [saag] ASN.1 vs. DER Encoding

> On Mar 27, 2019, at 4:15 PM, Nico Williams <nico@cryptonector.com> wrote:
> 
> I covered that.  I understand that one can build BER/DER/CER dumpers

Back to the original topic of this thread, which is “distinguish between ASN.1 and BER/CER/DER”:

I agree that more care ought to be taken in distinguishing between the abstract syntax (ASN.1) and the encodings. If not sure which of BER/CER/DER to use, you can and should say “X.690 encoding”.

My suggestion is to say DER when that is required, and X.690 when it is not. This is because “BER” in people’s minds reads as “not DER”, which is not true. DER-encoded PDUs are BER-encoded, but not vice-versa.

There is nothing good to say about CER since it did not adequately solve any problems, and only created more. :-)

Usually when people say “this is ASN.1 encoded”, they mean “this is BER encoded; it could be CER or DER too, but this is not a guarantee of the protocol.” They almost never mean XER, PER, OER, or any other such encodings. Hence, s/ASN\.1 encod/X.690 encode/ and you are done.

> that know nothing of the schema, with some lossage of type information
> when using IMPLICIT tagging (none otherwise).

Dealing with tagging issues is supposed to be fixed with AUTOMATIC TAGS but I have yet to see an IETF spec that uses that ASN.1 feature.

> On Mar 26, 2019, at 5:24 PM, Dr. Pala <madwolf@openca.org> wrote:
> in X.509 PKIs, we use DER as the preferred encoding (and PEM for 7-bit transport mode). Therefore when we talk about certificate parsing, for example, we do parse DER/PEM, not ASN.1.
> 
While we are arguing about nomenclature, it is “textual encoding”, not PEM. RFC 7468, thank you. :-)

https://tools.ietf.org/html/rfc7468

Sean
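The point made above, that every DER encoding is also a BER encoding but not the reverse, shown in code. This is an added example, not code from the thread or from any IETF document: a minimal X.690 TLV walker that checks only the length rules DER adds on top of BER (definite-length form, shortest length encoding), which is already enough to tell a DER-conformant encoding from one that is BER-only. The byte strings are constructed for the example and the function names are my own.

```python
def _read_length(buf, i):
    # Length octets at buf[i]: return (length or None if indefinite, next index, der_canonical).
    first, i = buf[i], i + 1
    if first < 0x80:                         # short form: canonical in both BER and DER
        return first, i, True
    n = first & 0x7F
    if n == 0:                               # 0x80 = indefinite form: BER only, never DER
        return None, i, False
    if i + n > len(buf):
        raise ValueError("truncated length octets")
    length = int.from_bytes(buf[i:i + n], "big")
    # DER (X.690 10.1): long form only for lengths >= 128, and no leading zero length octet
    return length, i + n, buf[i] != 0 and length >= 0x80

def _walk(buf, i, end):
    # Walk TLVs in buf[i:end] (end=None: until end-of-contents 00 00); return (next index, all_der).
    der_ok = True
    while True:
        if end is None:
            if i + 2 > len(buf):
                raise ValueError("missing end-of-contents octets")
            if buf[i:i + 2] == b"\x00\x00":
                return i + 2, der_ok
        elif i >= end:
            return i, der_ok
        if buf[i] & 0x1F == 0x1F:            # identifier octet; high-tag-number form is out of scope
            raise ValueError("high-tag-number form not handled in this example")
        constructed, j = bool(buf[i] & 0x20), i + 1
        length, j, ok = _read_length(buf, j)
        if length is None:                   # indefinite length: legal in BER only on constructed
            if not constructed:
                raise ValueError("indefinite length on a primitive element")
            j, inner_ok = _walk(buf, j, None)
        else:
            if j + length > (len(buf) if end is None else end):
                raise ValueError("element overruns its container")
            j, inner_ok = _walk(buf, j, j + length) if constructed else (j + length, True)
        der_ok = der_ok and ok and inner_ok
        i = j

def classify(buf):
    # "DER" if every length in the encoding is DER-canonical, "BER" if it is BER only.
    try:
        return "DER" if _walk(buf, 0, len(buf))[1] else "BER"
    except IndexError:                       # ran off the end of a truncated encoding
        raise ValueError("truncated encoding") from None

# Constructed samples, all valid BER for SEQUENCE { INTEGER 5 }:
DER_SEQ = bytes.fromhex("3003020105")        # definite, short-form lengths
BER_LONG = bytes.fromhex("308103020105")     # 0x81 0x03: long form for a length under 128
BER_INDEF = bytes.fromhex("30800201050000")  # indefinite length terminated by 00 00
```

A full DER conformance check also covers content rules (for example BOOLEAN TRUE as 0xFF and sorted SET OF elements); this walker only shows that the length rules alone already separate the two. Code that verifies signatures over re-encoded structures, or compares encodings byte for byte, should accept nothing but DER.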