I agree with Eric.
If a cannonical encoding is important then it is probably
necessary to avoid ASN.1 at all costs, DER is simply too
great an overhead for the functionality provided. In most
cases people are simply not interested in re-ordering
parts of signed data.
The big problem with the DER issue is one of scope,
even the requirement that the attributes be DER
encoded is more than flakey IMHO. Consider the
case in which an attribute is defined for convenience
as Octet String even though it is in fact an ASN.1
structure (say the draft editor of the attribute had an
ASN.1 version headache). What is not too obvious
is that this also cuts a hole in the scope of a DER
formatting requirement for the enclosing structure.
As good ideas go the idea of a canonical encoding
has tended to be overated. If people really do take
certificates, break them appart and store the components
in a database with the intention of re-assembly then
fair enough. I tend to think that with disk space at
$50 per Gb that keeping a copy of the original bit
structure arround is much less hassle. And in any case
I don't think that relying on other folk to do DER properly
makes any sense.
This will seriously impact performance and I don't see
any real value that is added.
From: EKR <ekr(_at_)terisa(_dot_)com>
To: David P. Kemp <dpkemp(_at_)missi(_dot_)ncsc(_dot_)mil>
Cc: ietf-smime(_at_)imc(_dot_)org <ietf-smime(_at_)imc(_dot_)org>
Date: Friday, April 17, 1998 11:31 AM
Subject: Re: Authenticated Attributes DER vs BER
dpkemp(_at_)missi(_dot_)ncsc(_dot_)mil (David P. Kemp) writes:
From: "Blake Ramsdell" <BlakeR(_at_)deming(_dot_)com>
In the spirit of "being liberal in what you accept" and
interoperability, I think some language is needed. How about
agents SHOULD NOT reorder the SET OF according to DER"?
"being liberal in what you accept" leads to the position that receiving
agents SHOULD reorder the SET OF, in order to accept the widest variety
Not necessarily. Let's assume that you receive a message where the
SET OF IS misordered. There are two possibilities:
1. The data that was signed is the DER ordered data (I.e. NOT the
data that was transmitted).
2. The data that was signed is the data that was transmitted.
In my experience, (2) is the far more likely event.
I appreciate that this defeats the entire purpose of using DER
but in practice we're not dealing with intermediate
systems that are likely to reorder DER in transit. However,
the probability that end systems will (mistakenly) sign BER
seems a lot higher.
[Eric Rescorla Terisa Systems, Inc.]
"Put it in the top slot."