[cryptography] preventing protocol failings

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Jul 6 01:06:40 EDT 2011


Nico Williams <nico at cryptonector.com> writes:

>In other words, in ASN.1 as it's used you have to know the schema and message 
>type in order to do a good job of parsing the message, 

No you don't.  I give as a counterexample dumpasn1, which knows nothing about 
message types or schemas, but parses any (valid) ASN.1 you throw at it.

(The ASN.1 filter I mentioned earlier is a stripped-down version of dumpasn1. 
Remember that dataset of 400K broken certs that NISCC generated a few years 
ago and that broke quite a number of ASN.1-using apps (and filesystems when 
you untarred it :-)?  It processed all of those without any problems).

Peter.
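The schema-independence argued in the message above follows from BER/DER being self-describing tag-length-value data. The walker below is an added example, not dumpasn1's code and not part of the original post. The names `read_tlv`, `parse`, `ASN1Error` and the limits (`MAX_DEPTH`, 4-byte lengths, no indefinite-length form) are assumptions made for the sketch.

```python
# Added example: schema-less walk of BER/DER TLVs (not dumpasn1's code).
MAX_DEPTH = 32  # assumption: nesting cap so hostile input cannot exhaust the stack

class ASN1Error(ValueError):
    """Raised for any structurally invalid encoding."""

def read_tlv(buf, pos, end):
    """Decode one header at pos; return (cls, constructed, tag, start, stop)."""
    if pos >= end:
        raise ASN1Error("truncated tag")
    first, pos = buf[pos], pos + 1
    cls, constructed, tag = first >> 6, bool(first & 0x20), first & 0x1F
    if tag == 0x1F:                        # high-tag-number form, base 128
        tag = 0
        while True:
            if pos >= end or tag >> 24:    # bound both the read and the tag size
                raise ASN1Error("truncated or oversized high tag")
            b, pos = buf[pos], pos + 1
            tag = (tag << 7) | (b & 0x7F)
            if not b & 0x80:
                break
    if pos >= end:
        raise ASN1Error("truncated length")
    length, pos = buf[pos], pos + 1
    if length == 0x80:
        raise ASN1Error("indefinite length not handled in this sketch")
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n > 4 or pos + n > end:
            raise ASN1Error("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if length > end - pos:                 # value must fit inside its parent
        raise ASN1Error("length overruns enclosing object")
    return cls, constructed, tag, pos, pos + length

def parse(buf, pos=0, end=None, depth=0):
    """Return [(cls, tag, children-or-bytes), ...] using no schema at all."""
    end = len(buf) if end is None else end
    if depth > MAX_DEPTH:
        raise ASN1Error("nesting too deep")
    out = []
    while pos < end:
        cls, constructed, tag, start, stop = read_tlv(buf, pos, end)
        body = parse(buf, start, stop, depth + 1) if constructed else bytes(buf[start:stop])
        out.append((cls, tag, body))
        pos = stop
    return out

# Constructed sample: SEQUENCE { INTEGER 5, OCTET STRING "hi", [0] { NULL } }
SAMPLE = bytes.fromhex("300b020105040268 69a0020500".replace(" ", ""))
```

Every length is checked against the enclosing object rather than the whole buffer, so a child that claims more bytes than its parent holds is rejected instead of read.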


