At 11:20 AM +0100 11/17/05, Florian Weimer wrote:
These bugs have been uncovered by a PROTOS-style test suite. Such
test suites can only reveal missing checks for boundary conditions,
leading to out-of-bounds array accesses and things like that. In
other words, trivial implementation errors which can be easily avoided
using proper programming tools.
Which "proper programming tools" would check for a logic path failure
when a crafted packet includes Subpacket A that is only supposed to
be there when Subpacket B is there, but the packet doesn't include
Subpacket B? There are no programming tools that check for this, or
for related issues: it has to be the implementer who has enough
understanding of the protocol and enough time (and program space) to
code against such issues.
Throw in PKIX certificates in certificate chains, and it gets much worse.
IKE is a very complicated protocol with many within-packet and
within-stream dependencies. These cannot be resolved by "proper
programming tools" unless those tools are specifically crafted for
IKE. SSL/TLS probably suffers the same fate.
--Paul Hoffman, Director
--VPN Consortium
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
