<div dir="ltr">On Wed, Sep 25, 2013 at 7:18 PM, Peter Gutmann <span dir="ltr"><<a href="mailto:pgut001@cs.auckland.ac.nz" target="_blank">pgut001@cs.auckland.ac.nz</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">=?iso-8859-1?Q?Kristian_Gj=F8steen?= <<a href="mailto:kristian.gjosteen@math.ntnu.no">kristian.gjosteen@math.ntnu.no</a>> writes:<br>
<br>
>(For what it's worth, I discounted the press reports about a trapdoor in<br>
>Dual-EC-DRBG because I didn't think anyone would be daft enough to use it. I<br>
>was wrong.)<br>
<br>
</div>+1. It's the Vinny Gambini effect (from the film My Cousin Vinny):<br>
<br>
Judge Haller: Mr. Gambini, didn't I tell you that the next time you appear<br>
in my court that you dress appropriately?<br>
Vinny: You were serious about dat?<br>
<br>
And it's not just Dual-EC-DRBG that triggers the "You were serious about dat?"<br>
response, there are a number of bits of security protocols where I've been...<br>
distinctly surprised that anyone would actually do what the spec said.<br></blockquote><div><br></div><div>Quite, who on earth thought DER encoding was necessary or anything other than incredible stupidity?</div><div><br>
</div><div>I have yet to see an example of code in the wild that takes a binary data structure, strips it apart and then attempts to reassemble it to pass to another program to perform a signature check. Yet every time we go through a signature format development exercise the folk who demand canonicalization always seem to win.</div>
<div><br></div><div>DER is particularly evil as it requires either the data structures to be assembled in the reverse order or a very complex tracking of the sizes of the data objects or horribly inefficient code. But XML signature just ended up broken.</div>
<div><br></div><div><br></div><div>[Just found your ASN.1 dump tool and using it to debug my C# ASN.1 encoder, OK so maybe ASN.1 is not terrible if I can put together a compiler in four days but I am not using the Assanine 1 schema syntax and I am using my personal toolchain]</div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
(Having said that, I've also occasionally been pleasantly surprised when, by<br>
unanimous unspoken consensus among implementers, everyone ignored the spec and<br>
did the right thing).<br></blockquote><div><br></div><div>I have a theory that the NSA stooges are not the technical folk. Why on earth would a world class expert want to spend their time playing silly games sabotaging specs when they could have much more fun working inside the NSA at Fort Meade or building stuff.</div>
<div><br></div><div>What I would do is to take a person who is a technical wannabe and provide him with technical support and tell him to try to wheedle positions as a document editor. Extra points if they manage to discourage participation by folk with solid technical chops.</div>
<div><br></div><div><br></div><div>We saw something of the sort during the anti-spam efforts. I was sure at the time that the spammers had folk paid to make the discussions as acrimonious as possible. </div><div> </div></div>
<div><br></div>-- <br>Website: <a href="http://hallambaker.com/">http://hallambaker.com/</a><br>
</div></div>