[Cryptography] Is it time for a revolution to replace TLS?

Dennis E. Hamilton dennis.hamilton at acm.org
Wed Apr 16 17:36:34 EDT 2014


    From: Judson Lester
    Sent: Wednesday, April 16, 2014 13:19
    Subject: Re: [Cryptography] Is it time for a revolution to replace TLS?

    On Wed, Apr 16, 2014 at 11:52 AM, Tony Arcieri <bascule at gmail.com> wrote:
    [ ... ]
    > Have you actually read the LANGSEC paper and the attacks on ASN.1 they
    > describe?
    >
    > http://langsec.org/papers/langsec-tr.pdf

    [ ... ]

    Second, my intuition is that CER would be context-free - as much as
    s-expressions would be. And that DER is O(n) isomorphic to CER. So if
    anything, there's a direction for how to implement an X.509 parser.

    But it still wouldn't solve null embeddings - but that's solvable.
    (And: I'm not familiar enough with Rust to answer this off the top of
    my head: you'd have to implement a check for nulls there, anyway,
    right?)

   [ ... ]

If we're talking about web-site addresses, it would be better to check the string to be a well-formed absolute URI of appropriate scheme.  

This will eliminate null bytes and many other aberrations, including same-appearance but different character-code deceptions.  

If a greater variety of characters is desirable, the URI representation of IRIs can be used.  Ideally the form would be canonical.  Either way, the URI in the certificate and the URI used to access a site could be canonicalized to ensure that both refer to the same place.

The langsec-tr cautions concerning underspecified parameters and the consequences of implementation deviations impacting a too-loose data type hold here, of course.  I don't see how any of this is about some unique peculiarity of ASN.1, however.
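
Added example, not part of the original post: a Python sketch of the check described above, validating a certificate name as a well-formed absolute URI and comparing it, in canonical form, with the URI used to reach the site. The function names, the https-only scheme list, the DNS-name-only host rule, and the reading of "same place" as same scheme, host and port are all assumptions of this example.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443}   # assumption: only https identities are accepted
# Characters RFC 3986 permits in a URI; NUL, controls, spaces and non-ASCII fall outside it.
URI_RE = re.compile(r"[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]+")
# Assumption: hosts are DNS names in LDH form (IDNs arrive as xn-- A-labels).
HOST_RE = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*")

def canonical_site(raw: bytes) -> str:
    """Validate raw as an absolute URI and return canonical 'scheme://host:port'."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("non-ASCII byte; IRIs must be mapped to URI form first")
    if not URI_RE.fullmatch(text):
        raise ValueError("byte outside the URI character repertoire")
    parts = urlsplit(text)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("scheme missing or not allowed")
    if "@" in parts.netloc:
        raise ValueError("userinfo not allowed in a site identity")
    # Drop one trailing root dot so "example.com." and "example.com" compare equal.
    host = (parts.hostname or "").lower().removesuffix(".")
    if not HOST_RE.fullmatch(host):
        raise ValueError("host is not a well-formed DNS name")
    # .port raises ValueError on a malformed port; fill in the scheme default if absent.
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    return f"{scheme}://{host}:{port}"

def same_site(cert_uri: bytes, accessed_uri: bytes) -> bool:
    """True only if both URIs are well formed and canonicalize to the same site."""
    try:
        return canonical_site(cert_uri) == canonical_site(accessed_uri)
    except ValueError:
        return False
```

Both inputs are taken as raw bytes so that the embedded-null and non-ASCII cases are rejected before any string handling can truncate or normalize them.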


