pem-dev

Re: Certificate Handling Standards (was: PEM Status)

1995-12-31 10:59:00
On Thu, 28 Dec 1995, Stephen Kent wrote:

Perry,

        Some (many?) of the protocols that will be employed in the PKI
environment will entail digital signatures and may also be required to
support staged delivery.  Most Internet protocols do not accommodate
signatures and the attendant requirements for canonical encoding.  Thus
the bit-by-bit layout approach adopted for protocol syntax specification in
the Internet, historically, may not be the best approach in this context.

You know, Steve, you sometimes sound a lot like a lawyer.  What is this "may
not be the best approach" stuff?  If you have a belief as to what is the best
approach, don't you have the guts to say what it is?  You know, for small
amounts of money, you can get lawyers to say anything with "may" in it since
such statements are totally meaningless. Hey, for a small consideration, you
could probably get me to say that "The sun MAY fail to rise tomorrow
morning." 

I would say that most Internet protocols provide a canonical encoding,
or can be made to do so with minor additional rules.  ASN.1 sure as hell
doesn't provide a canonical encoding.  It doesn't provide any coding
at all.  Only if you add DER are you getting anywhere.  Unfortunately,
this computer screen is too small to go into much of a description of the
reasons why ASN.1, Distinguished Names, and similar ISOisms are bad
ideas.

Also, we do have examples of using ASN.1 for syntax specification in the
Internet, i.e., SNMP and its accompanying MIBs.

Talked to the people who had to live with that decision at that time?
Most of them are strongly of the opinion that it was a bad decision
forced on them politically because of a belief in high places that
the Internet Protocols were just a transition before ISO protocols took
over.

You will also note that SNMP actually tried to use only a small subset of
1984 ASN.1 (like many ISO standards, ASN.1 can and has gotten incompatibly
changed every now and then).  Only one of the problems with ASN.1 is that
people keep trying to use its full glorious generality and obscure features. 

Steve

I assumed from the beginning that the PKI WG would attract and be
dominated by the x509 types.  As such, I choose to primarily invest
my efforts elsewhere.

Donald
=====================================================================
Donald E. Eastlake 3rd     +1 508-287-4877(tel)     dee(_at_)cybercash(_dot_)com
   318 Acton Street        +1 508-371-7148(fax)     dee(_at_)world(_dot_)std(_dot_)com
Carlisle, MA 01741 USA     +1 703-620-4200(main office, Reston, VA)
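
Added example, not part of the original message or of any PEM/PKIX code: it illustrates the canonical-encoding point argued above by showing that one ASN.1 value has more than one valid BER encoding, so a digest over the bytes differs until the DER minimal-length rule is applied. The function names and sample bytes are constructed for illustration, and only the length-octet rule is covered (single-byte tags, definite lengths), not DER's other restrictions.

```python
import hashlib

def read_tlv(buf, pos=0):
    """Parse one TLV at pos; returns (tag, value, next_pos)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:                       # short form: length in one octet
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is BER-only, not allowed in DER")
    else:                                  # long form: n length octets follow
        n = first & 0x7F
        raw = buf[pos:pos + n]
        if len(raw) != n:
            raise ValueError("truncated length octets")
        length = int.from_bytes(raw, "big")
        pos += n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated TLV")
    return tag, value, pos + length

def der_length(n):
    """Minimal (DER) length octets for a content length n."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def canonicalize_lengths(buf):
    """Re-encode every TLV in buf, recursively, with minimal length octets."""
    out, pos = b"", 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        if tag & 0x20:                     # constructed: contents are TLVs too
            value = canonicalize_lengths(value)
        out += bytes([tag]) + der_length(len(value)) + value
    return out

def lengths_are_der(buf):
    """True only if every length in buf already uses the minimal form."""
    return canonicalize_lengths(buf) == buf

def digest(buf):
    """SHA-256 stands in here for the hash step of a signature."""
    return hashlib.sha256(buf).hexdigest()

# Constructed sample: SEQUENCE { INTEGER 5, OCTET STRING "hi" }, encoded twice.
DER_FORM = bytes.fromhex("300702010504026869")       # minimal lengths
BER_FORM = bytes.fromhex("3081080281010504026869")   # same value, long-form lengths
```

A verifier that hashes received bytes should reject input for which `lengths_are_der` is false rather than silently re-encoding it, since the signer's digest was computed over one specific byte string.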
