Dear All,
I was reading Yar Tikhiy's "IPv6 for IPv4 Experts"
(https://sites.google.com/site/yartikhiy/home/ipv6book), and came
across the following comment in section 4.4.1:
----- begin quote -----
The fact is, for a long time the Internet standards were written for, and
by, top experts of the industry, who had no problem translating the wire
data format to a robust and secure receiver algorithm. So it is no
surprise that the terms "protocol" and "packet format" remained
interchangeable through a whole period of TCP/IP history. Alas, today the
average RFC reader’s level is nowhere as high as it used to be in the
1970s, which has to be made up for by more rigorous and comprehensive
standards documents leaving no room for ambiguity.
Granted, a protocol can be so complex that providing only its wire data
format will no longer be sufficient; but the failure of some implemen-
tations to check Version in incoming IP packets speaks of certain ills in
the prevalent technical culture rather than of this protocol’s complexity.
----- end quote ------
It seems to show both awareness of the special role of (packet)
recognizers and of the dangers of ambiguity. Moreover, the suggested link
between protocol, format, and its receiver (=recognizer) sounds very much
like a LangSec insight.
However, the concluding note regarding protocol complexity (in the
Russian original, this statement is even stronger: explicit specification
of endpoints' behaviors is stressed) appears to draw no boundaries between
manageable and unmanageable complexity of either protocols or formats,
but rather blames the detrimental effects on the technical culture.
Yet, as LangSec argues, there is a boundary beyond which protocol
implementation differences cannot be blamed on the poor culture of
implementors, as verifying equivalence of recognizer implementations
becomes undecidable. Blaming the implementors becomes, in essence,
blaming the victims of format complexity for their inability to solve
an equivalent of the halting problem, i.e., patently unfair.
It seems to me that this is where LangSec offers the next step
beyond the undeniably great and time-honored intuitions of protocol
practitioners.
Thanks,
--Sergey
_______________________________________________
langsec-discuss mailing list
langsec-discuss@mail.langsec.org
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
