Re: [saag] ASN.1 vs. DER Encoding

Nico Williams <nico@cryptonector.com> Wed, 27 March 2019 15:16 UTC

Date: Wed, 27 Mar 2019 10:15:46 -0500
From: Nico Williams <nico@cryptonector.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: "Dr. Pala" <madwolf@openca.org>, "saag@ietf.org" <saag@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/ka-2QhrT29v5WRWG6bPUCsg8da4>
Subject: Re: [saag] ASN.1 vs. DER Encoding

On Wed, Mar 27, 2019 at 09:45:16AM +0000, Peter Gutmann wrote:
> Nico Williams <nico@cryptonector.com> writes:
> 
> I realise this is the standard ASN.1-vs-everything-else debate that comes up
> every year or so, without wanting to dig up the standard responses from every
> previous time it's occurred I'll try and make just one comment:

It does.

> >Now to back up that assertion:
> >
> >1) TLV encodings are bloated by nature due to being highly redundant.
> >
> >2) That redundancy is a source of errors when manually coding a codec.
> 
> It's actually the opposite, with a proper TLV encoding you can create a
> simple, universal recursive-descent parser that will take any arbitrary
> encoded blob and report "valid" or "not valid".  It's with the non-redundant,
> or at least non-self-describing, encodings where you need to hand-roll a
> parser each time any field anywhere is updated, and which can't be statically
> checked like ASN.1 (meaning BER/DER) can.

I covered that.  I understand that one can build BER/DER/CER dumpers
that know nothing of the schema, with some lossage of type information
when using IMPLICIT tagging (none otherwise).

I don't think that's important because as long as you know the outermost
type, you can always parse PER/OER/XDR/whatever by reference to the
actual schema.  The price to pay for self-describing data is bloat and
more chances for hand-rolled codecs to have security vulnerabilities.

> >Thus there is almost zero benefit to self-describing encodings.
> 
> ... apart from the fact that they can be statically analysed to check whether
> they're well-formed or not, unlike the encodings in PGP, TLS, IPsec, SSH, ...

The protocols you list don't use a formal syntax, which instantly makes
validity checking harder (can't generate the code!).  But if they had
used XDR, or ASN.1 with PER/OER/..., you could in fact automatically
check the validity of the encoding of a message.

A protocol using ASN.1 BER/DER/CER with IMPLICIT tagging will lose some
type information, so while you can check a lot of an encoded message's
validity without reference to its schema, you cannot check all of it.
Whereas if you have reference to its schema, then you can check all of
it regardless of whether the encoding rules are TLV or not.

Nico
--
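
Added example, not part of the original message or of any project mentioned in the thread: a minimal schema-less DER walker in Python illustrating both points debated above. It checks tag/length structure without any schema, and it shows that an IMPLICIT-tagged field surfaces only as a context-specific tag with no recoverable type, while an EXPLICIT-tagged one keeps its inner INTEGER. The names `walk`, `well_formed` and `SAMPLE` and the sample bytes are constructed for illustration; only definite lengths and tag numbers below 31 are handled, and primitive contents are not validated.

```python
# Added illustration, not from the thread: schema-less DER structure check.
# Handles definite lengths and low tag numbers (< 31) only.
UNIVERSAL = {0x02: "INTEGER", 0x04: "OCTET STRING", 0x05: "NULL",
             0x06: "OID", 0x10: "SEQUENCE", 0x11: "SET"}
CLASSES = ("UNIVERSAL", "APPLICATION", "CONTEXT", "PRIVATE")

class Malformed(ValueError):
    pass

def walk(buf, depth=0, max_depth=32):
    """Return [(depth, class, tag, constructed, type_name, length), ...]."""
    if depth > max_depth:
        raise Malformed("nesting too deep")
    out, i = [], 0
    while i < len(buf):
        ident = buf[i]
        cls, constructed, tag = ident >> 6, bool(ident & 0x20), ident & 0x1F
        if tag == 0x1F:
            raise Malformed("high tag numbers not handled here")
        if i + 1 >= len(buf):
            raise Malformed("truncated before length octet")
        length, i = buf[i + 1], i + 2
        if length == 0x80:
            raise Malformed("indefinite length is BER, not DER")
        if length > 0x80:                      # long form: next n octets hold the length
            n = length & 0x7F
            if i + n > len(buf) or buf[i] == 0:
                raise Malformed("truncated or zero-padded length")
            length = int.from_bytes(buf[i:i + n], "big")
            if length < 0x80:
                raise Malformed("long form used where short form fits")
            i += n
        if i + length > len(buf):
            raise Malformed("content overruns enclosing element")
        # A type name is only recoverable from the tag for UNIVERSAL class.
        name = UNIVERSAL.get(tag, "?") if cls == 0 else None
        out.append((depth, CLASSES[cls], tag, constructed, name, length))
        if constructed:
            out.extend(walk(buf[i:i + length], depth + 1, max_depth))
        i += length
    return out

def well_formed(buf):
    try:
        walk(buf)
        return True
    except Malformed:
        return False

# Constructed sample: SEQUENCE { INTEGER 5, [0] IMPLICIT INTEGER 5, [1] EXPLICIT INTEGER 5 }
SAMPLE = bytes.fromhex("300b020105800105a103020105")
```
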