[Cryptography] Heartbleed and fundamental crypto programming practices

Judson Lester nyarly at gmail.com
Thu Apr 17 17:29:29 EDT 2014


On Thu, Apr 17, 2014 at 9:52 AM, John Kemp <john at jkemp.net> wrote:
> These sorts of things have been suggested for a while:
> http://langsec.org/insecurity-theory-28c3.pdf
>
> Write a parser for the input language (protocol) accepted by your program.
> That parser should have a preferably regular or deterministic context-free
> grammar.
>
> "Stay away from the halting problem".
>
> - johnk
>

I have to say, I'm really taken by the langsec formal approach to
input recognition. But regarding TLS in particular, I'm unclear on
their specifics. My understanding is that TLS mandates DER for ASN.1,
which is unambiguous. Further it seems to me that DER is isomorphic
with CER, which should be context-free, right? (This is leaving aside
the issue of X.509 CNs)

Judson
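
An added example, not part of the original message or of any TLS library: a recognizer for DER's tag-length-value framing that accepts or rejects the whole input before anything else touches it, in the spirit of the parser-first approach discussed in this thread. It checks framing only (definite, minimally encoded lengths that fit their enclosing value); the names `parse_der`, `DERError` and `MAX_DEPTH` are assumptions, and DER's per-type rules (INTEGER minimality, SET ordering) and high tag numbers are out of scope.

```python
MAX_DEPTH = 32  # assumed nesting limit so hostile input cannot exhaust the stack


class DERError(ValueError):
    """Input is not well-formed DER framing."""


def read_tlv(buf, pos, end, depth=0):
    """Recognize one TLV inside buf[pos:end]; return (node, next_pos)."""
    if depth > MAX_DEPTH:
        raise DERError("nesting too deep")
    if end - pos < 2:
        raise DERError("truncated: need tag and length octets")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise DERError("high-tag-number form not handled here")
    if first < 0x80:                       # short form: length is the octet itself
        length = first
    elif first == 0x80:                    # indefinite length exists in BER/CER only
        raise DERError("indefinite length is not DER")
    else:                                  # long form: next n octets hold the length
        n = first & 0x7F
        if n > end - pos:
            raise DERError("truncated length octets")
        if buf[pos] == 0:
            raise DERError("non-minimal length: leading zero octet")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80:
            raise DERError("non-minimal length: short form required")
        pos += n
    if length > end - pos:                 # never trust a length beyond the data present
        raise DERError("declared length exceeds enclosing bounds")
    body_end = pos + length
    if tag & 0x20:                         # constructed: children must tile the body exactly
        children = []
        while pos < body_end:
            child, pos = read_tlv(buf, pos, body_end, depth + 1)
            children.append(child)
        return (tag, children), body_end
    return (tag, bytes(buf[pos:body_end])), body_end


def parse_der(data):
    """Return the parsed tree, or raise DERError; no partial results."""
    node, pos = read_tlv(data, 0, len(data))
    if pos != len(data):
        raise DERError("trailing bytes after top-level value")
    return node
```
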

