Stephen Kent writes:
> Some (many?) of the protocols that will be employed in the PKI
> environment will entail digital signatures and may also be required to
> support staged delivery. Most Internet protocols do not accommodate
> signatures and the attendant requirements for canonical encoding.
It is true that many existing protocols are not currently designed for
digital signatures. However, your next statement...
> Thus the bit-by-bit layout approach adopted for protocol syntax
> specification in the Internet, historically, may not be the best
> approach in this context.
...in no way follows from your previous statement. The fact that DNS
security very easily added signatures without needing stuff like ASN.1
pretty much nails it for me.
> Also, we do have examples of using ASN.1 for syntax specification in the
> Internet, i.e., SNMP and its accompanying MIBs.
That is true. It is also true that many people consider that to be one
of the problems with SNMP (another problem being that the model makes
downloading things like very large tables extremely inefficient, but
that isn't relevant here today and now.)
The folks at MIT like Ted Tso who made the decision to incorporate
ASN.1 into Kerberos V seem to have all stated in public that it was a
mistake they would not make again.
Perry
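The point both sides of the exchange above touch on is that a signature is only useful if signer and verifier hash the same bytes, so the protocol must define a canonical encoding. The following is an added example, not code from the thread or from any DNSSEC implementation: it applies the approach DNS security took (RFC 4034 section 6: lowercase, uncompressed wire-format owner name; the RRSIG's Original TTL in place of the live TTL; records sorted by RDATA as unsigned octet strings) to a constructed A-record RRset, and shows that hashing the zone-file text breaks as soon as a cache folds case, reorders records or counts the TTL down, while hashing the canonical form does not. It is restricted to type A so that no RDATA-specific name handling is needed, and it only hashes; the RRSIG fields and the actual signing step are left out.

```python
# Added example, not part of the original thread. A deliberately minimal
# illustration of why a signature needs a canonical encoding, using the
# DNSSEC rules (RFC 4034 section 6) for an A-record RRset only.
import hashlib
import ipaddress
import struct
from typing import List, Tuple

# A resource record as (owner name, TTL, IPv4 address string).
RR = Tuple[str, int, str]

TYPE_A = 1
CLASS_IN = 1


def wire_name(name: str) -> bytes:
    """Uncompressed wire-format name: length-prefixed labels, lowercased,
    terminated by the root label. This is the RFC 4034 6.2 canonical form
    of an owner name (fully qualified, no compression, case folded)."""
    name = name.rstrip(".").lower()
    out = b""
    for label in (name.split(".") if name else []):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def canonical_rrset(rrs: List[RR], original_ttl: int) -> bytes:
    """Canonical form of an A RRset: every RR rewritten with the canonical
    owner name, the RRSIG's Original TTL instead of whatever TTL the record
    currently carries, and the RRs sorted by RDATA treated as unsigned
    octet strings (RFC 4034 6.3). Returns the concatenated wire records."""
    owners = {o.rstrip(".").lower() for o, _, _ in rrs}
    if len(owners) != 1:
        raise ValueError("an RRset has exactly one owner name")
    owner = wire_name(owners.pop())
    rdatas = sorted(ipaddress.IPv4Address(a).packed for _, _, a in rrs)
    out = b""
    for rdata in rdatas:
        header = struct.pack("!HHIH", TYPE_A, CLASS_IN, original_ttl, len(rdata))
        out += owner + header + rdata
    return out


def digest_presentation(rrs: List[RR]) -> str:
    """Hash of the zone-file text as written. Any change of case, record
    order or TTL changes this value, so a signature over it fails once a
    resolver re-serialises the same data."""
    text = "\n".join(f"{o} {ttl} IN A {a}" for o, ttl, a in rrs)
    return hashlib.sha256(text.encode()).hexdigest()


def digest_canonical(rrs: List[RR], original_ttl: int) -> str:
    """Hash of the canonical form; stable across the same re-serialisations."""
    return hashlib.sha256(canonical_rrset(rrs, original_ttl)).hexdigest()


# Constructed sample data (not real zone data): the same RRset as an
# authoritative server might load it and as a caching resolver might hand
# it back later (case folded, reordered, TTL counted down from 3600).
AS_LOADED: List[RR] = [
    ("www.Example.COM.", 3600, "192.0.2.10"),
    ("www.example.com.", 3600, "192.0.2.2"),
]
AS_CACHED: List[RR] = [
    ("www.example.com", 1800, "192.0.2.2"),
    ("WWW.EXAMPLE.COM", 1800, "192.0.2.10"),
]

if __name__ == "__main__":
    print("presentation hashes equal:",
          digest_presentation(AS_LOADED) == digest_presentation(AS_CACHED))
    print("canonical hashes equal:",
          digest_canonical(AS_LOADED, 3600) == digest_canonical(AS_CACHED, 3600))
```

The sorting step is the part people forget: without it the verifier has to guess the order the signer used, and the TTL substitution is why an RRSIG carries an Original TTL field at all. Note that this canonicalisation is defined purely in terms of the existing wire format, which is the substance of the "no ASN.1 needed" claim; whether that generalises to protocols with richer data models is exactly what the thread is arguing about.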