[147342] in cryptography@c2.net mail archive
[Cryptography] encoding formats should not be committee'ized
daemon@ATHENA.MIT.EDU (ianG)
Mon Sep 30 10:08:46 2013
X-Original-To: cryptography@metzdowd.com
Date: Mon, 30 Sep 2013 11:41:26 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com
In-Reply-To: <C429540C-FB57-411C-B979-995796F3FFD5@lrw.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 29/09/13 16:13 PM, Jerry Leichter wrote:
> On Sep 26, 2013, at 7:54 PM, Phillip Hallam-Baker wrote:
>> ...[W]ho on earth thought DER encoding was necessary or anything other than incredible stupidity?...
> It's standard. :-)
>
> We've been through two rounds of standard data interchange representations:
>
> 1. Network connections are slow, memory is limited and expensive, we can't afford any extra overhead. Hence DER.
> 2. Network connections are fast, memory is cheap, we don't have to worry about them - toss in every last feature anyone could possibly want. Hence XML.
>
> Starting from opposite extremes, committees of standards experts managed to produce results that are too complex and too difficult for anyone to get right - and which in cryptographic contexts manage to share the same problem of multiple representations that make signing such a joy.
>
> BTW, the *idea* behind DER isn't inherently bad - but the way it ended up is another story. For a comparison, look at the encodings Knuth came up with in the TeX world. Both dvi and pk files are extremely compact binary representations - but correct encoders and decoders for them are plentiful. (And it's not as if the Internet world hasn't come up with complex, difficult encodings when the need arose - see IDNA.)
Experience suggests that asking a standards committee to do the encoding
format is a disaster.
I just looked at my code, which does something we call Wire, and it's
700 loc. Testing code is about a kloc I suppose. Writing reference
implementations is a piece of cake.
Why can't we just designate some big player to do it, and follow suit?
Why argue in committee?
iang
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography