IETF Logo Mail Archive

Re: [saag] ASN.1 vs. DER Encoding

Nico Williams <nico@cryptonector.com> Wed, 27 March 2019 17:00 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C23112031D for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 10:00:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cryptonector.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lj5PaeSTbdLw for <saag@ietfa.amsl.com>; Wed, 27 Mar 2019 10:00:18 -0700 (PDT)
Received: from lavender.maple.relay.mailchannels.net (lavender.maple.relay.mailchannels.net [23.83.214.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 570DC12029E for <saag@ietf.org>; Wed, 27 Mar 2019 10:00:18 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id DCA9D3E573B; Wed, 27 Mar 2019 17:00:15 +0000 (UTC)
Received: from pdx1-sub0-mail-a26.g.dreamhost.com (unknown [100.96.11.48]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 2A99F3E5652; Wed, 27 Mar 2019 17:00:15 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|nico@cryptonector.com
Received: from pdx1-sub0-mail-a26.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384) by 0.0.0.0:2500 (trex/5.17.2); Wed, 27 Mar 2019 17:00:15 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|nico@cryptonector.com
X-MailChannels-Auth-Id: dreamhost
X-Inform-Battle: 0c54e1ff0c539d93_1553706015482_1811229303
X-MC-Loop-Signature: 1553706015482:574987615
X-MC-Ingress-Time: 1553706015481
Received: from pdx1-sub0-mail-a26.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a26.g.dreamhost.com (Postfix) with ESMTP id A399B8073F; Wed, 27 Mar 2019 10:00:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to:content-transfer-encoding; s= cryptonector.com; bh=EnWS5v1qhUE7QtxD6o+wi4yvmv0=; b=Y1g1i3l3YUB pZIjmTmOMYpRwl158gD6lc7Dss4kHWXasihc5ehyOFTzNzKcVDX+s7JWyJ+COnBv SCoFqnAxvdVysrqjTDRDR7PvJ7Me6PRywMgDHrLOnLChBTE9n874SJFb+QWI0qUd BkyV3ev0jj1kbaSuZ6+diFlev/38js7Q=
Received: from localhost (unknown [24.28.108.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by pdx1-sub0-mail-a26.g.dreamhost.com (Postfix) with ESMTPSA id DBAE280750; Wed, 27 Mar 2019 10:00:11 -0700 (PDT)
Date: Wed, 27 Mar 2019 12:00:09 -0500
X-DH-BACKEND: pdx1-sub0-mail-a26
From: Nico Williams <nico@cryptonector.com>
To: Sean Leonard <dev+ietf@seantek.com>
Cc: "saag@ietf.org" <saag@ietf.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, "Dr. Pala" <madwolf@openca.org>
Message-ID: <20190327170007.GH4211@localhost>
References: <20190326164951.GX4211@localhost> <20190326214816.GB4211@localhost> <1553679912618.8510@cs.auckland.ac.nz> <20190327151545.GG4211@localhost> <BC810910-8A30-4758-AE2E-2D2E2F3068D7@seantek.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <BC810910-8A30-4758-AE2E-2D2E2F3068D7@seantek.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
X-VR-OUT-STATUS: OK
X-VR-OUT-SCORE: -100
X-VR-OUT-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedutddrkedvgdeklecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucggtfgfnhhsuhgsshgtrhhisggvpdfftffgtefojffquffvnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpeffhffvuffkfhggtggugfgjfgesthekredttderjeenucfhrhhomheppfhitghoucghihhllhhirghmshcuoehnihgtohestghrhihpthhonhgvtghtohhrrdgtohhmqeenucfkphepvdegrddvkedruddtkedrudekfeenucfrrghrrghmpehmohguvgepshhmthhppdhhvghloheplhhotggrlhhhohhsthdpihhnvghtpedvgedrvdekrddutdekrddukeefpdhrvghtuhhrnhdqphgrthhhpefpihgtohcuhghilhhlihgrmhhsuceonhhitghosegtrhihphhtohhnvggtthhorhdrtghomheqpdhmrghilhhfrhhomhepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomhdpnhhrtghpthhtohepnhhitghosegtrhihphhtohhnvggtthhorhdrtghomhenucevlhhushhtvghrufhiiigvpedt
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/ywYPLVMLHS13YK3tVUcZcDEjmfc>
Subject: Re: [saag] ASN.1 vs. DER Encoding
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Mar 2019 17:00:21 -0000

On Wed, Mar 27, 2019 at 05:14:11PM +0100, Sean Leonard wrote:
> Back to the original topic of this thread, which is “distinguish
> between ASN.1 and BER/CER/DER”:
> 
> I agree that more care ought to be taken in distinguishing between the
> abstract syntax (ASN.1) and the encodings. If not sure which of
> BER/CER/DER to use, you can and should say “X.690 encoding”.

+1

> My suggestion is to say DER when that is required, and X.690 when it
> is not. This is because “BER” in people’s minds reads as “not DER”,
> which is not true. DER-encoded PDUs are BER-encoded, but not
> vice-versa.
> 
> There is nothing good to say about CER since it did not adequately
> solve any problems, and only created more. :-)

There is little good to say about DER either...  Both made suboptimal
choices of constraints on BER.

> > that know nothing of the schema, with some lossage of type information
> > when using IMPLICIT tagging (none otherwise).
> 
> Dealing with tagging issues is supposed to be fixed with AUTOMATIC
> TAGS but I have yet to see an IETF spec that uses that ASN.1 feature.

Yes, sadly we don't use that.

Even with AUTOMATIC TAGS you can have some loss of type information in
the encoding due to automatically-added context tags being implicit.

Nico
--

v2.23.0 | Report a Bug | By Email