[cryptography] preventing protocol failings
pgut001 at cs.auckland.ac.nz
Tue Jul 5 08:59:49 EDT 2011
Nico Williams <nico at cryptonector.com> writes:
>Why even have a tag?? The ASN.1 Packed Encoding Rules (think ONC XDR with 1-
>byte alignment instead of 4-byte alignment) doesn't use tags at all.
Which makes them impossible to statically check, and leads to hellishly
>In BER/DER/CER/XML you get a lot of redundancy: tag-length-value, sometimes
>tag-length-tag-length-value (e.g., when explicit tagging is used).
This is a feature, not a flaw, because it means you can statically type-check
it. With BER/DER I can implement a filter that takes as input any encoded
blob and reports true or false for the question "is this well-formed data".
With CER (and XML, and PGP, and SSH, and SSL/TLS, and IPsec) I can't.
>If you want to prevent new bugs in these areas, let's start with putting the
>venerable BER/DER/CER to rest in the trash bin. Legacy will make that a
BER and DER are actually the safest encodings of the major security protocols
I work with. I'd rank them, in terms of danger, as:
More information about the cryptography