Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486bis-06.txt
Russ Housley <housley@vigilsec.com> Fri, 08 October 2021 15:29 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FC953A05AA for <sidrops@ietfa.amsl.com>; Fri, 8 Oct 2021 08:29:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X3UXy40rphrc for <sidrops@ietfa.amsl.com>; Fri, 8 Oct 2021 08:29:26 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60C143A0744 for <sidrops@ietf.org>; Fri, 8 Oct 2021 08:29:26 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 57294300C57 for <sidrops@ietf.org>; Fri, 8 Oct 2021 11:29:26 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id TVHPPPvQaVRe for <sidrops@ietf.org>; Fri, 8 Oct 2021 11:29:23 -0400 (EDT)
Received: from [192.168.1.161] (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 24F6030026C; Fri, 8 Oct 2021 11:29:23 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <26BD1B09-9EC6-44F9-B6F9-E4E8EEA1C640@vigilsec.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_A22A4BDF-9ED4-4AC9-966B-488721A1A429"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Fri, 08 Oct 2021 11:29:19 -0400
In-Reply-To: <20211008075333.muhym3dbscuqmafu@benm-laptop>
Cc: SIDR Operations WG <sidrops@ietf.org>, Steve Kent <stephen.kent@verizon.net>, Tim Bruijnzeels <tim@nlnetlabs.nl>
To: Ben Maddison <benm=40workonline.africa@dmarc.ietf.org>
References: <51acd845-d937-34a1-359b-7379b45e3fe3@verizon.net> <49e73d37-6d26-7715-da60-c2411020d595@verizon.net> <20210930171302.m7b5utqceotecooc@benm-laptop> <B2E57F08-CA61-4713-BFAE-6D36B20EA1D2@vigilsec.com> <20210930205213.kzwpn3e4ft3q33a6@benm-laptop> <F32DADF2-48C1-4CE7-AC4F-5ADB01C0C224@vigilsec.com> <F069C65C-2BD2-4DD7-9CDB-96DBAA122CD1@nlnetlabs.nl> <AF18F2E7-D16D-4352-8D2C-E9B6D2DE9271@vigilsec.com> <4E8ED276-A8A2-42FC-B0ED-9BB1EEB0C0BF@nlnetlabs.nl> <90554F86-FA27-4364-B13D-BBE7CA4885B1@vigilsec.com> <20211008075333.muhym3dbscuqmafu@benm-laptop>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/_GdPDEYTocd5unFkls-8ZSirRu0>
Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486bis-06.txt
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Oct 2021 15:29:37 -0000
Ben: Different ASN.1 libraries are better at checking various constraints. For example, in pyasn1, these two are equivalent: ver = rfc5280.Version(2) ver = rfc5280.Version('v3') However, it does not complain if a value that does not have a name is encoded. That is, it just uses the named values as a more readable way to set specific INTEGER values. RFC 5280 uses: TBSCertificate ::= SEQUENCE { version [0] Version DEFAULT v1, ... Version ::= INTEGER { v1(0), v2(1), v3(2) } RFC 5652 uses: SignedData ::= SEQUENCE { version CMSVersion, ... CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) } RFC 6486: Manifest ::= SEQUENCE { version [0] INTEGER DEFAULT 0, ... I think all of them are roughly the same to implement, but I tend to like the ability to talk about values like "v2" in the text. Russ > On Oct 8, 2021, at 3:53 AM, Ben Maddison <benm=40workonline.africa@dmarc.ietf.org> wrote: > > Signed PGP part > Hi Russ, Tim, > > On 10/06, Russ Housley wrote: >> >> <snip/> >> >> This is just a matter of style I think. >> > I've been thinking about this some more, and actually I think that this > choice *is* important when considering asn1 -> code compiler friendliness. > > Consider: > Foo ::= SEQUENCE { > bar Bar, > baz Baz, > qux INTEGER > } > > Bar ::= INTEGER > > Baz ::= INTEGER { > a(0), b(1), c(2) > } > > Compiling this to (for the sake of example) rust would be expected to > produce something like: > struct Foo { > bar: Bar, > baz: Baz, > qux: usize, > } > > struct Bar(usize); > > enum Baz { > a = 0, > b, > c, > } > > Of course other language type systems have more-or-less direct > parallels. > > Each has advantages and disadvantages: > > - the "qux" style can be used directly as an integer with no > additional work, but you get no safeguards from the type system to > prevent using a bare integer where you expected a "qux" value; > > - the "baz" style gives the type system the ability to distinguish Baz > integers from other integers, at the expense of some extra work to > define the operations on Baz types that are permitted; and > > - the "bar" style is not usable as an integer at all (at least not > conveniently). The integer value is just there to distinguish the > variants in memory. > > I think this leads to the following general guidance: > > 1. Use a bare INTEGER ("qux"-style) for unit-less, context-less integer > values, that can be sensibly combined in an operation with any other > integer value. > This seems to be rare in practise to me, so should probably be > limited to situations where simplicity is more important than > correctness. > > 2. Use a named type of type INTEGER ("bar"-style) for numbers that > can be combined or compared with other numbers of a particular type. > > For example: > bob.age != sue.age # makes sense > bob.height + sue.shoe_size # probably a bug! > > 3. Use enumerations ("baz"-style) when the *only* sensible operation > that exists on the underlying numbers is equality comparison. > > In the present case, I would suggest that the 'version' field falls > under category #2, since `foo.version < bar.version` could make sense in > some situations. > > So, I would suggest: > > Manifest ::= SEQUENCE { > version [0] Version DEFAULT 0, > ... > } > Version ::= INTEGER > > Note that this is orthogonal to whether we explicitly limit the > permitted value to 0, which can be done in any of the three schemes. > I have no particular view on whether that is a good idea or not. > > Cheers, > > Ben > >
- [Sidrops] I-D Action: draft-ietf-sidrops-6486bis-… internet-drafts
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Christopher Morrow
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Russ Housley
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Stephen Kent
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Russ Housley
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Stephen Kent
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Tim Bruijnzeels
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Christopher Morrow
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Stephen Kent
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Ben Maddison
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Russ Housley
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Ben Maddison
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Russ Housley
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Tim Bruijnzeels
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Russ Housley
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Ben Maddison
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Tim Bruijnzeels
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Russ Housley
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Job Snijders
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Ben Maddison
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Russ Housley
- Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486… Ben Maddison