--
James A. Donald:
> > Obviously we do need a standard for describing
> > structured data, and we need a standard that leads
> > to that structured data being expressed concisely
> > and compactly, but seems to me that ASN.1 is causing
> > a lot of grief.
> >
> > What is wrong with it, what alternatives are there
> > to it, or how can it be fixed?

Bill Frantz wrote:
> In SPKI we used S-Expressions. They have the
> advantage of being simple, perhaps even too simple.
>
> In describing interfaces in the KeyKOS design document
> <http://www.cis.upenn.edu/~KeyKOS/agorics/KeyKos/Gnosis/keywelcome.html>
> we used a notation similar to S-Expressions which was:
>
> (length, data)

The trouble with S-expressions is that as with ASN.1-DER, all data structure is specified at run time, in the sense that the run time data can have any structure whatsoever. Thus the program parsing the data has to be able to handle all possible data structures whatsoever - including unexpected data structures ingeniously concocted by an adversary to exploit flaws in the program.

Run time description of data structure should be a special case, an exception.

If the data can be parsed at run time, without advance knowledge of how the data is supposed to be structured, without knowing what the header signifies, then it is possible for an adversary to create complications by structuring the data differently from the way it is expected to be structured.

We need a system where the structure of the data is largely determined by the header, and usually entirely determined by the header, which is an arbitrary identifier, not a description of one of an infinite variety of possible data structures. The recipient sees the header, knows therefore what the structure of the data must be, and proceeds to parse it as having that structure, and in fact there should be no run time internal structure.

If you do not know what the header means, you should not be able to parse the data. If you could, then the adversary could create unexpected structure.

Alternatively, we could have a system that allows arbitrary run time structure, but with a general purpose filter that absolutely guarantees expected structure, rather than the programmers checking structure ad hoc in each particular program.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
10vNqS4ChWmjQinDgd1a61m4GCk0hxC9KXi2Hy+N
4jgO2FPYh3FS3oJk07kNEMuYXdYZlJNtCqort+Lwh
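
An added illustration of the header-determines-structure design argued for in the message above; it is not code from the post or from any project it mentions. The type identifiers, layouts and field names are constructed assumptions.

```python
import struct

# Hypothetical registry: header ID -> (name, fixed layout, field names).
# The IDs and layouts are constructed for illustration only.
SCHEMAS = {
    0x0001: ("key_id", struct.Struct(">16s"), ("fingerprint",)),
    0x0002: ("signed_time", struct.Struct(">Q32s"), ("unix_time", "mac")),
}

HEADER = struct.Struct(">H")  # 2-byte big-endian message-type identifier


class ParseError(ValueError):
    pass


def parse(message: bytes) -> dict:
    """Parse a message whose layout is fixed entirely by its header."""
    if len(message) < HEADER.size:
        raise ParseError("truncated header")
    (type_id,) = HEADER.unpack_from(message)
    schema = SCHEMAS.get(type_id)
    if schema is None:
        # Unknown header: there is no structure to discover, so refuse.
        raise ParseError(f"unknown header 0x{type_id:04x}")
    name, layout, fields = schema
    body = message[HEADER.size:]
    # The body must be exactly the expected size: no lengths, nesting or
    # trailing bytes are accepted from the sender.
    if len(body) != layout.size:
        raise ParseError(f"{name}: expected {layout.size} bytes, got {len(body)}")
    return {"type": name, **dict(zip(fields, layout.unpack(body)))}


def try_parse(message: bytes):
    """Return the parsed fields, or the rejection reason as a string."""
    try:
        return parse(message)
    except ParseError as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed samples: valid, one trailing byte, unknown header.
    good = HEADER.pack(0x0002) + struct.pack(">Q32s", 1_150_000_000, b"\x11" * 32)
    for sample in (good, good + b"\x00", HEADER.pack(0x7FFF) + b"(4:data)"):
        print(try_parse(sample))
```
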