Re: [TLS] TLS grammar checker?

Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 22 June 2013 00:37 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "TLS@ietf.org (tls@ietf.org)" <tls@ietf.org>, Martin Rex <mrex@sap.com>
Date: Sat, 22 Jun 2013 00:36:54 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C7343D6D8F3@uxcn10-2.UoA.auckland.ac.nz>

Martin Rex <mrex@sap.com> writes:

>To illustrate one of my many problems with ASN.1 complexity and lack of
>clarity, I was recently wondering on OCSP [...]

OCSP is a terrible spec; alongside TSP and CMP they're some of the worst
examples of ASN.1 that I know of.

OK, not quite: there are telecomms management specs that are even closer to
gibberish in terms of their ASN.1.  The problem with the three above is that
not only is the ASN.1 a mess - some of the authors didn't actually understand
ASN.1 when they started work on it and just made it up as they went along -
but the text is awfully confused as well, as are some of the design features,
which were cargo-cult cut&pastes from other specs without the authors
understanding why they were doing it.  See for example my analysis of CMP in
"Plug-and-Play PKI: A PKI your Mother can Use",
http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix03.pdf, for the specific case
of CMP.  I also have comments on the gibberish nature of parts of TSP, posted to
the PKIX list while it was still in the draft stage (nothing was ever fixed),
http://www.imc.org/ietf-pkix/old-archive-01/msg02073.html.

(Apologies for the treasure-hunt URL refs, I'm trying to avoid quoting large
chunks of text for people who don't really care that much).

OCSP is just as bad.  So using these as examples of why ASN.1 sucks is a bit
disingenuous; you'd be hard put to find worse examples of ASN.1 (and protocol
specs in general) than those.  If you want an example of well-designed ASN.1,
go for something like PKCS #15.

Now, can we switch to vi vs. emacs?  There's a whole lot of things there that
haven't been said yet.

Peter.