asn.1der

What is the semantic difference between SEQUENCE OF and SET OF in ASN.1?


I am wondering if there is any difference (except the tag number) between the SEQUENCE OF and SET OF definitions in ASN.1. According to the definitions under 3.8.68 and 3.8.72 in the T-REC-X680 specification there is no difference. But then why were two definitions made? Is there any semantic meaning to choose one over the other?


Solution

  • The key difference between "SEQUENCE OF" and "SET OF is described in the notes under clause 28.3 in X.680.


    NOTE 1 – Semantic significance should not be placed on the order of these values. NOTE 2 – Encoding rules are not required to preserve the order of these values.

    When you present an abstract value of a "SET OF" type to an encoder, the behavior of the encoder depends on whether the encoding rules are canonical or non-canonical. For example, take BER (non-canonical) and DER (canonical).

    A BER encoder (non-canonical) is free to add the component values of a "SET OF" value in any order to the encoded output (see X.690, clause 8.12.3):


    8.12.3 The order of data values need not be preserved by the encoding and subsequent decoding.

    and a BER decoder is free to return the decoded component values of a "SET OF" value in any order to the local application. This is permitted because the order of the component values of a particular SET OF value is meaningless. The order doesn't matter. It doesn't carry any information. So the order doesn't need to be preserved. Your application should not rely on the order of a particular SET OF value being preserved after transfer.

    A DER encoder (canonical) must reorder the component values in a particular way specified in the standard (see clause 11.6 of X.690). This is necessary because the purpose of a canonical encoding rule is to produce two identical encodings when the two abstract values are identical--and, as noted above, the order of the component values of a SET OF value is meaningless--it does not contribute to the value, it's irrelevant in a comparison between two SET OF values.

    So, to answer your question about when to choose SEQUENCE OF and when to choose SET OF in your own ASN.1 schema, you would choose SEQUENCE OF when you consider the order of the values meaningful and want to make sure that the order will be preserved. You would choose SET OF when you want to convey the fact that the order of the values is meaningless and (when using a canonical encoding rule such as DER), you want to make sure that two SET OF values won't be accidentally treated as different if they only differ in the order of their components.