On Tue, 2016-11-22 at 18:29 +0000, Salz, Rich wrote: > > That's not the proposal. The proposal is to use PEM form because we can > > make it uniquely self describing using the guard tags which obviates the > > problem above. > > Well that's what you want. David wants more than that :)
S'true :) > > On the larger issue of non-self describing formats like ASN.1: if your > > theory > > that there's a security hole by allowing opportunistic format detection is > > correct, simply making the user specify is palming our bug off on to the > > user > > and abdicating responsibility because now when they're tricked into an > > exploit they can be blamed not openssl. If such a bug exists, doing > > opportunistic format detection the better guarantor of overall system > > security because if such a bug is found, it would have to be fixed within > > openssl to everyone's benefit. > > We differ. We do. I think James put it well though, when he talked of "palming our bug off onto the user and abdicating responsibility". The library doesn't get to sit in its ivory tower of perfection; you are responsible for the API you inflict on users and how they actually *use* it. And besides, even if we force applications to iterate over the possible formats for themselves, they aren't going to have a bug *there*. Any bug will be in our parser for one specific format or another. We didn't even *save* our reputation by forcing the application authors to jump through hoops. And more to the point, you already *do* this, in d2i_AutoPrivateKey(). It's just that you only handle *some* of the known key formats, so the application has to explicitly try the others. What's being proposed here is merely that we fix that up to have full coverage — not a radical new approach at all. Oh, and that we automatically distinguish between PEM and DER forms, but *that* much is fairly trivial and safe. And the locale / character set issue is not relevant here. ASN.1 is binary, PEM is ASCII. When we come to talk about passwords, *sure* we can look at character sets. But that is a somewhat orthogonal issue. -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
