Shouldn't we eventually get rid of DER in XML formats?


Having most electronic document formats XML based shouldn't we gradually move from embedded DER blobs to certificates in native XML?

We have OOXML, ODF. We also have XAdES and XML-DSig, on which all the others are based. All these formats share one interesting historic remnant - the X509Data element. The element stores an X.509 certificates in DER format, encoded as BASE64. An example:

In the XML structure X509Data is an intrusion from completely different world and from the signature processing application it's an opaque structure. To make its life a bit easier, some internal structures from the certificate are copied out to X509Data (X509IssuerSerial, X509SubjectName but still, verification of the signature requires full processing of the embedded DER structure.

It requires opening the blob and decoding the DER structure. This approach has obvious disadvantages:

  • degraded efficiency - the application working on XML tree needs to run a separate DER decoder,
  • increased complexity - having one already complex module to process XML the application needs another one, equally complex decored for DER; complexity impacts security - instead of having one XML parser vulnerability the application will have two of them - the other in DER parser; both decoders are complex, based on different philosophies, standards and APIs
  • limited functionality - because the certificate is not integral part of the XML tree, it's not possible e.g. to search it using XPath or robustly process it in other ways

So what direction should the electronic document formats migrate?

Theoretically it's possible to encode X.509 certificates as XML, because the standard clearly separates structure description (ASN.1) from encoding (BER, DER). There's even a little known standard for XML Encoding Rules - XER (X.693) and newer Robust XML Encoding Rules - RXER (RFC 4910). Both could be probably used to encode the X.509 certificate as XML structure. This solution however has the disadvantage of replicating the X.509 philosophy, which doesn't help much in complexity.

In a broader perspective, X.509 time is probably slowly coming to an end. The X.509 architecture has many disadvantages, main being vague definition of objectives, which resulted in the standard being either incomplete (need for attribute certificates) or convolute and ambigous (keyUsage).

Maybe a SPKI/SDSI philosophy could help, if packed into XML instead of slightly archaic s-expressions and cleaned from some issues present in XML-DSig?