Re: [saag] ASN.1 vs. DER Encoding
Benjamin Kaduk <kaduk@mit.edu> Tue, 26 March 2019 20:20 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4898D120B15 for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 13:20:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AMzhiZf266hE for <saag@ietfa.amsl.com>; Tue, 26 Mar 2019 13:20:28 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A25F2120AFE for <saag@ietf.org>; Tue, 26 Mar 2019 13:20:28 -0700 (PDT)
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x2QKKPF3002672 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 26 Mar 2019 16:20:27 -0400
Date: Tue, 26 Mar 2019 15:20:24 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Dr. Pala" <madwolf@openca.org>
Cc: "saag@ietf.org" <saag@ietf.org>
Message-ID: <20190326202024.GN86501@kduck.mit.edu>
References: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <21dec229-5b5c-8d52-6817-edac2e39ceec@openca.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/qyqynwU07jDu68fFa_kZqIRDVTQ>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 20:20:39 -0000
Hi Max, On Tue, Mar 26, 2019 at 05:24:38PM +0100, Dr. Pala wrote: > Hi SAAG, > > I just wanted to provide some feedback based on the contents of some > presentations I have seen in the security area. In particular, I noticed > that some authors seem to confuse the definition of information objects > (ASN.1) and their encoding (e.g., DER). I noticed that, sometimes, when > ASN.1 was mentioned, what was really the topic of discussion was > actually related to DER encoding. Thanks for raising the topic. > Since I have seen this happening multiple times, I am starting to wonder > if I am the one who is wrong. In particular, my question is: do people > in the security area support the statement that ASN.1 is equivalent to > DER encoding ? I don't, though the comment downthread that in modern practice they appear together is also t rue. > I ask this because ASN.1 is "used for the definition of data types, > values, and constraints on data types." independently from the how the > data is actually encoded (BER, PER, XER, DER, etc.) - it just happens > that in X.509 PKIs, we use DER as the preferred encoding (and PEM for > 7-bit transport mode). Therefore when we talk about certificate parsing, > for example, we do parse DER/PEM, not ASN.1. For example, for the > proposal around CBOR-encoded certificates (not endorsing the idea, just > using this as an example), defining the CBOR Encoding Rules (CER ?) > would provide a path to provide CBOR encoding for all ASN.1 definitions > we use in PKIX. > > Maybe this distinction is not important for people that already have a > good understanding of the information model, however there might be > newcomers (new IETF-ers or just new to the security area) that might > think the two are the same when they are not, in my opinion. > > Therefore, my recommendation is to keep this distinction in mind when > talking about encoding and parsing of, for example, certificates. I hope > this helps. Well, we should generally aim for precision in language, to the extent reasonable. Even occasionally being precise in this particular matter is probably enough to keep us honest, whether we use sloppy shorthand the rest of the time or not. -Ben
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Peter Gutmann
- [saag] ASN.1 vs. DER Encoding Dr. Pala
- Re: [saag] ASN.1 vs. DER Encoding Yoav Nir
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Carsten Bormann
- Re: [saag] ASN.1 vs. DER Encoding Carsten Bormann
- Re: [saag] ASN.1 vs. DER Encoding Volker Birk
- Re: [saag] ASN.1 vs. DER Encoding Volker Birk
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Michael Richardson
- Re: [saag] ASN.1 vs. DER Encoding Viktor Dukhovni
- Re: [saag] ASN.1 vs. DER Encoding Carl Wallace
- Re: [saag] ASN.1 vs. DER Encoding Benjamin Kaduk
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Benjamin Kaduk
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Dr. Pala
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Peter Gutmann
- Re: [saag] ASN.1 vs. DER Encoding Peter Gutmann
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Sean Leonard
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Michael Richardson
- Re: [saag] ASN.1 vs. DER Encoding Benjamin Kaduk
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Christian Huitema
- Re: [saag] ASN.1 vs. DER Encoding Viktor Dukhovni
- Re: [saag] ASN.1 vs. DER Encoding Carsten Bormann
- Re: [saag] ASN.1 vs. DER Encoding Stephen Farrell
- Re: [saag] ASN.1 vs. DER Encoding Salz, Rich
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Salz, Rich
- Re: [saag] ASN.1 vs. DER Encoding Benjamin Kaduk
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Phillip Hallam-Baker
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Phillip Hallam-Baker
- Re: [saag] ASN.1 vs. DER Encoding Russ Housley
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Watson Ladd
- Re: [saag] ASN.1 vs. DER Encoding Phillip Hallam-Baker
- Re: [saag] ASN.1 vs. DER Encoding Michael Richardson
- Re: [saag] ASN.1 vs. DER Encoding Nico Williams
- Re: [saag] ASN.1 vs. DER Encoding Viktor Dukhovni
- Re: [saag] ASN.1 vs. DER Encoding Adrian Hope-Bailie