At 02:41 PM 10/5/2003 Sunday, Tyler Close wrote: >On Sunday 05 October 2003 11:03, Jonathan S. Shapiro wrote: >> Peter: >> >> I agree that ASN.1 is statically checkable, and that this is an >> important property. > >What exactly does it mean for a format to be "statically >checkable"?
Peter's statement was: At 10:58 PM 10/3/2003 Friday, Peter Gutmann wrote: >I would say the exact opposite: ASN.1 data, because of its TLV encoding, is >self-describing (c.f. RPC with XDR), which means that it can be submitted to a >static checker that will guarantee that the ASN.1 is well-formed. In other >words it's possible to employ a simple firewall for ASN.1 that isn't possible >for many other formats (PGP, SSL, ssh, etc etc). This is exactly what >cryptlib does, I'd be extremely surprised if anything could get past that. >Conversely, of all the PDU-parsing code I've written, the stuff that I worry >about most is that which handles the ad-hoc (a byte here, a unit32 there, a >string there, ...) formats of PGP, SSH, and SSL. We've already seen half the >SSH implementations in existence taken out by the SSH malformed-packet >vulnerabilities, I can trivially crash programs like pgpdump (my standard PGP >analysis tool) with malformed PGP packets (I've also crashed quite a number of >SSH clients with malformed packets while fiddling with my SSH server code), >and I'm just waiting for someone to do the same thing with SSL packets. In >terms of safe PDU formats, ASN.1 is the best one to work with in terms of >spotting problems. Shap wrote: >> However, ASN.1 is notoriously hard to parse, which leads to errors. >> >> I do wonder if we shouldn't design a format that captures the best of >> both worlds... Tyler wrote: >Does the Waterken Doc code format capture the best of both worlds? >See: > >http://www.waterken.com/dev/Doc/code/ If I understand Peter's statement, the answer is yes for Doc, S-Expressions, Term trees, XML, Java serialization streams, and many other formats; both textual and binary. As for Corba IIOP and the CapIDL serialization format, only if the interface definition is included. Otherwise, I don't think these are self-describing in the sense Peter means. ---------------------------------------- Text by me above is hereby placed in the public domain Cheers, --MarkM --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]