[147342] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

[Cryptography] encoding formats should not be committee'ized

daemon@ATHENA.MIT.EDU (ianG)
Mon Sep 30 10:08:46 2013

X-Original-To: cryptography@metzdowd.com
Date: Mon, 30 Sep 2013 11:41:26 +0300
From: ianG <iang@iang.org>
To: cryptography@metzdowd.com
In-Reply-To: <C429540C-FB57-411C-B979-995796F3FFD5@lrw.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On 29/09/13 16:13 PM, Jerry Leichter wrote:
> On Sep 26, 2013, at 7:54 PM, Phillip Hallam-Baker wrote:
>> ...[W]ho on earth thought DER encoding was necessary or anything other than incredible stupidity?...
> It's standard.  :-)
>
> We've been through two rounds of standard data interchange representations:
>
> 1.  Network connections are slow, memory is limited and expensive, we can't afford any extra overhead.  Hence DER.
> 2.  Network connections are fast, memory is cheap, we don't have to worry about them - toss in every last feature anyone could possibly want.  Hence XML.
>
> Starting from opposite extremes, committees of standards experts managed to produce results that are too complex and too difficult for anyone to get right - and which in cryptographic contexts manage to share the same problem of multiple representations that make signing such a joy.
>
> BTW, the *idea* behind DER isn't inherently bad - but the way it ended up is another story.  For a comparison, look at the encodings Knuth came up with in the TeX world.  Both dvi and pk files are extremely compact binary representations - but correct encoders and decoders for them are plentiful.  (And it's not as if the Internet world hasn't come up with complex, difficult encodings when the need arose - see IDNA.)


Experience suggests that asking a standards committee to do the encoding 
format is a disaster.

I just looked at my code, which does something we call Wire, and it's 
700 loc.  Testing code is about a kloc I suppose.  Writing reference 
implementations is a piece of cake.

Why can't we just designate some big player to do it, and follow suit? 
Why argue in committee?



iang
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
home help back first fref pref prev next nref lref last post