Exponent 3 damage spreads...

James A. Donald jamesd at echeque.com
Fri Sep 15 22:03:01 EDT 2006 

     --
James A. Donald:
 > > Obviously we do need a standard for describing
 > > structured data, and we need a standard that leads
 > > to that structured data being expressed concisely
 > > and compactly, but seems to me that ASN.1 is causing
 > > a lot of grief.
 > >
 > > What is wrong with it, what alternatives are there
 > > to it, or how can it be fixed?

Bill Frantz wrote:
 > In SPKI we used S-Expressions.  They have the
 > advantage of being simple, perhaps even too simple.
 >
 > In describing interfaces in the KeyKOS design document
 > <http://www.cis.upenn.edu/~KeyKOS/agorics/KeyKos/Gnosi
 > s/keywelcome.html> we used a notation similar to
 > S-Expressions which was:
 >
 > (length, data)

The trouble with S-expressions is that as with
ASN.1-DER, all data structure is specified at run time,
in the sense that the run time data can have any
structure whatsoever. Thus the program parsing the data
has to be able to handle all possible data structures
whatsoever - including unexpected data structures
ingeniously concocted by an adversary to exploit flaws
in the program.  Run time description of data structure
should be a special case, an exception.

If the data can parsed at run time, without advance
knowledge of how the data is supposed to be structured,
without knowing what the header signifies, then it is
possible for an adversary to create complications by
structuring the data differently from the way it is
expected to be structured.

We need a system where the structure of the data is
largely determined by the header, and usually entirely
determined by the header, which is an arbitrary
identifier, not a description of one of an infinite
variety of possible data structures.  The recipient sees
the header, knows therefore what the structure of the
data must be, and proceeds to parse it as having that
structure, and in fact there is should be no run time
internal structure. If you do not know what the header
means, you should not be able to parse the data.  If you
could, then the adversary could create unexpected
structure.

Alternatively, we could have a system that allows
arbitrary run time structure, but with a general purpose
filter that absolutely guarantees expected structure,
rather than the programmers checking structure ad hoc in
each particular program.

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      10vNqS4ChWmjQinDgd1a61m4GCk0hxC9KXi2Hy+N
      4jgO2FPYh3FS3oJk07kNEMuYXdYZlJNtCqort+Lwh

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list