IETF Logo Mail Archive

Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486bis-06.txt

Russ Housley <housley@vigilsec.com> Fri, 08 October 2021 15:29 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FC953A05AA for <sidrops@ietfa.amsl.com>; Fri, 8 Oct 2021 08:29:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X3UXy40rphrc for <sidrops@ietfa.amsl.com>; Fri, 8 Oct 2021 08:29:26 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60C143A0744 for <sidrops@ietf.org>; Fri, 8 Oct 2021 08:29:26 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 57294300C57 for <sidrops@ietf.org>; Fri, 8 Oct 2021 11:29:26 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id TVHPPPvQaVRe for <sidrops@ietf.org>; Fri, 8 Oct 2021 11:29:23 -0400 (EDT)
Received: from [192.168.1.161] (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 24F6030026C; Fri, 8 Oct 2021 11:29:23 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <26BD1B09-9EC6-44F9-B6F9-E4E8EEA1C640@vigilsec.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_A22A4BDF-9ED4-4AC9-966B-488721A1A429"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Fri, 08 Oct 2021 11:29:19 -0400
In-Reply-To: <20211008075333.muhym3dbscuqmafu@benm-laptop>
Cc: SIDR Operations WG <sidrops@ietf.org>, Steve Kent <stephen.kent@verizon.net>, Tim Bruijnzeels <tim@nlnetlabs.nl>
To: Ben Maddison <benm=40workonline.africa@dmarc.ietf.org>
References: <51acd845-d937-34a1-359b-7379b45e3fe3@verizon.net> <49e73d37-6d26-7715-da60-c2411020d595@verizon.net> <20210930171302.m7b5utqceotecooc@benm-laptop> <B2E57F08-CA61-4713-BFAE-6D36B20EA1D2@vigilsec.com> <20210930205213.kzwpn3e4ft3q33a6@benm-laptop> <F32DADF2-48C1-4CE7-AC4F-5ADB01C0C224@vigilsec.com> <F069C65C-2BD2-4DD7-9CDB-96DBAA122CD1@nlnetlabs.nl> <AF18F2E7-D16D-4352-8D2C-E9B6D2DE9271@vigilsec.com> <4E8ED276-A8A2-42FC-B0ED-9BB1EEB0C0BF@nlnetlabs.nl> <90554F86-FA27-4364-B13D-BBE7CA4885B1@vigilsec.com> <20211008075333.muhym3dbscuqmafu@benm-laptop>
X-Mailer: Apple Mail (2.3445.104.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/_GdPDEYTocd5unFkls-8ZSirRu0>
Subject: Re: [Sidrops] I-D Action: draft-ietf-sidrops-6486bis-06.txt
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Oct 2021 15:29:37 -0000

Ben:

Different ASN.1 libraries are better at checking various constraints.

For example, in pyasn1, these two are equivalent:

   ver = rfc5280.Version(2)
   ver = rfc5280.Version('v3')

However, it does not complain if a value that does not have a name is encoded.  That is, it just uses the named values as a more readable way to set specific INTEGER values.


RFC 5280 uses:

   TBSCertificate  ::=  SEQUENCE  {
        version         [0]  Version DEFAULT v1,
        ...

   Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }


RFC 5652 uses:

   SignedData ::= SEQUENCE {
      version CMSVersion,
      ...

      CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }


RFC 6486:

   Manifest ::= SEQUENCE {
      version     [0] INTEGER DEFAULT 0,
      ...


I think all of them are roughly the same to implement, but I tend to like the ability to talk about values like "v2" in the text.

Russ


> On Oct 8, 2021, at 3:53 AM, Ben Maddison <benm=40workonline.africa@dmarc.ietf.org> wrote:
> 
> Signed PGP part
> Hi Russ, Tim,
> 
> On 10/06, Russ Housley wrote:
>> 
>> <snip/>
>> 
>> This is just a matter of style I think.
>> 
> I've been thinking about this some more, and actually I think that this
> choice *is* important when considering asn1 -> code compiler friendliness.
> 
> Consider:
>    Foo ::= SEQUENCE {
>        bar Bar,
>        baz Baz,
>        qux INTEGER
>    }
> 
>    Bar ::= INTEGER
> 
>    Baz ::= INTEGER {
>        a(0), b(1), c(2)
>    }
> 
> Compiling this to (for the sake of example) rust would be expected to
> produce something like:
>    struct Foo {
>        bar: Bar,
>        baz: Baz,
>        qux: usize,
>    }
> 
>    struct Bar(usize);
> 
>    enum Baz {
>        a = 0,
>        b,
>        c,
>    }
> 
> Of course other language type systems have more-or-less direct
> parallels.
> 
> Each has advantages and disadvantages:
> 
> -   the "qux" style can be used directly as an integer with no
>    additional work, but you get no safeguards from the type system to
>    prevent using a bare integer where you expected a "qux" value;
> 
> -   the "baz" style gives the type system the ability to distinguish Baz
>    integers from other integers, at the expense of some extra work to
>    define the operations on Baz types that are permitted; and
> 
> -   the "bar" style is not usable as an integer at all (at least not
>    conveniently). The integer value is just there to distinguish the
>    variants in memory.
> 
> I think this leads to the following general guidance:
> 
> 1.  Use a bare INTEGER ("qux"-style) for unit-less, context-less integer
>    values, that can be sensibly combined in an operation with any other
>    integer value.
>    This seems to be rare in practise to me, so should probably be
>    limited to situations where simplicity is more important than
>    correctness.
> 
> 2.  Use a named type of type INTEGER ("bar"-style) for numbers that
>    can be combined or compared with other numbers of a particular type.
> 
>    For example:
>        bob.age != sue.age          # makes sense
>        bob.height + sue.shoe_size  # probably a bug!
> 
> 3.  Use enumerations ("baz"-style) when the *only* sensible operation
>    that exists on the underlying numbers is equality comparison.
> 
> In the present case, I would suggest that the 'version' field falls
> under category #2, since `foo.version < bar.version` could make sense in
> some situations.
> 
> So, I would suggest:
> 
>    Manifest ::= SEQUENCE {
>        version [0] Version DEFAULT 0,
>        ...
>    }
>    Version ::= INTEGER
> 
> Note that this is orthogonal to whether we explicitly limit the
> permitted value to 0, which can be done in any of the three schemes.
> I have no particular view on whether that is a good idea or not.
> 
> Cheers,
> 
> Ben
> 
>

v2.23.0 | Report a Bug | By Email