[Cryptography] Is ASN.1 still the thing?

Mon Nov 13 08:57:57 EST 2017

Hi James,

To answer the question in the subject line, yes, ASN.1 is unfortunately
still a thing.  As long as one must interact with x509, you get the
ASN.1 baggage for free. :-P

On Mon, Nov 13, 2017 at 01:11:39PM +1000, James A. Donald wrote:
> Do JSON, Yaml, or protobuff allow representing data format in ways
> that give a unique and well defined checksum, that will not be
> affected by endianess or compiler options?

I presume what you're getting at: Does it have a strict binary
representation?  Any format that permits arbitrary whitespace will fail
that test.  Although, you could specify the reduced form prior to
hashing.

> Cryptographers specify data formats are in ASN.1 because that way
> you can get a unique hash or checksum of the data, regardless of
> which compiler you are using, and whether your machine is big endian
> or little endian.

They do?  That seems odd.  I really hope ASN.1 isn't being chosen for
the reasons you've outlined.  Above and beyond the complexities of
parsing it, there's also the difficulty of parsing it on embedded
systems.  From my experience, it's extraordinarily difficult to parse as
a stream.

> But these days everyone seems to be using JSON to represent data in
> transit, because that is the language of the web and of node.js, or
> YAML, which is JSON polished up to support more kinds of data and to
> actually be genuinely human readable, or protobuff, because people
> who write in C++ despise the horrible inefficiency of translating
> data to and from ascii representation.

For the record, we've had quite a bit of success with msgpack.  It's
extremely efficient, both in line format, code size, and ram usage.  And
further your question, it's a strict, binary representation wrt word
size and endianess.

Also, as a "C enthusiast", I think protobuf is just an abomination.  If
you've spent any amount of time reading hex dumps of serial protocols
like ADS-B, one look at protobuf makes you think "Why the f*ck would you
create a binary form of XML?" It was clearly never intended to be a
serious line protocol format, but rather a universal (from a high-level
programmer view) data pack/unpacker.  And even then, I try to avoid code
generators. ;-)

> ASN.1 provides canonical format so that you can hash it or checksum
> it, ultra efficient binary format for C and C++ purists, and
> supposedly human readable format, though its human readable format
> is not particularly human readable.  You are a lot better off with
> YAML if, as in ini files, you want human readability.

Well, you're crossing use cases here.  There is data storage (x509
attributes), configuration files (/etc/* in *nix), and line protocols.
All of which have different requirements.  To the best of my knowledge,
the only reason ASN.1 still exists in mainstream usage is because of
x509.  And I really hope both of those die a horrible death in a flaming
Yugo off of a 500 ft cliff into ice-cold seas and jagged rocks.

Not that I have an opinion about it or anything.  :-))

thx,

Jason.