Absolutely there are degrees in complexity. But there are no objective measures.
PKIX is certainly not a simple specification. It got that way for one simple
reason - people used it enough to care about it. So over fifteen years it has
My point here is that if you look at an architecture with five layers it will
appear to be more complex than one with two layers. But that does not say
anything useful about the complexity of the overall system.
Is the complexity in the design or in the requirements? If PKIX had originally
been designed to anticipate a wider range of functions it could have been made
much simpler. We could for example have used the same structure for CRLs and
OCSP if both needs had been anticipated up front.
Encoding ASN.1 in XML allows implementations to reduce the number of
parser/encoder modules that they need to deal with. That represents a reduction
in complexity as far as an embedded single purpose device is concerned. If you
are writing an all purpose development tool your work has increased.
Every change we make has complexity implications, very rarely does the
complexity go down.
A valid complexity argument in my view would be 'I can meet that set of needs
in this way which is empirically less complex by virtue of these considerations
(number of states required, number of different syntaxes, administrative
Simply stating 'that is more complex' does not tell me anything useful. Is the
complexity unreasonable considering the objective. In this case the idea of
being able to eventually eliminate the need for dual stack implementations of
ASN.1 based protocols in the XML/SOAP world is very attractive to me. Having a
single standard mapping from the ASN.1 world to the XML one is equally so.
From: Stephane Bortzmeyer [mailto:bortzmeyer(_at_)nic(_dot_)fr]
Sent: Tuesday, March 13, 2007 11:23 AM
To: Hallam-Baker, Phillip
Subject: Re: Document Action: 'Abstract Syntax Notation X
(ASN.X)' to Experimental RFC
On Tue, Mar 13, 2007 at 08:09:35AM -0700, Hallam-Baker,
Phillip <pbaker(_at_)verisign(_dot_)com> wrote a message of 76 lines which
Everything we do is complex.
There are degrees in complexity. Compare RFC 3912 with 3981,
both written by your co-workers :-)
So, I do not think that the "complexity argument" should be
dismissed. Sometimes, standards are too complicated and one
of the things I like about IETF protocols, is that they are
typically simpler than standards produced by most other organisations.
Ietf mailing list