[Cryptography] Heartbleed and fundamental crypto programming practices

John Kemp john at jkemp.net
Thu Apr 17 17:34:27 EDT 2014


On 04/17/2014 05:29 PM, Judson Lester wrote:
> On Thu, Apr 17, 2014 at 9:52 AM, John Kemp <john at jkemp.net> wrote:
>> These sorts of things have been suggested for a while:
>> http://langsec.org/insecurity-theory-28c3.pdf
>>
>> Write a parser for the input language (protocol) accepted by your program.
>> That parser should have a preferably regular or deterministic context-free
>> grammar.
>>
>> "Stay away from the halting problem".
>>
>> - johnk
>>
>
> I have to say, I'm really taken by the langsec formal approach to
> input recognition. But regarding TLS in particular, I'm unclear on
> their specifics. My understanding is that TLS mandates DER for ASN.1,
> which is unambiguous. Further it seems to me that DER is isomorphic
> with CER, which should be context-free, right? (This is leaving aside
> the issue of x.509 CNs)

Yes, good point. I didn't make myself clear enough.

What got me started on thinking about this in relation to OpenSSL is 
that there was a sense that the protocol doesn't adequately define the 
heartbeat interaction. I got that sense from this email: 
http://lists.randombit.net/pipermail/cryptography/2014-April/006378.html 
and the IETF discussion referenced therein.

- johnk

>
> Judson
>
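
The langsec advice quoted above, applied to the TLS heartbeat message, as an added example that is not part of the original email and is not OpenSSL's code: a recognizer for the RFC 6520 HeartbeatMessage layout that accepts a record only when its length field fits inside the bytes actually received. The names `hb_parse` and `hb_payload_len` and the sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 6520 HeartbeatMessage layout:
 * type(1) | payload_length(2, big-endian) | payload | padding(>= 16). */
enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HDR = 3, HB_MIN_PAD = 16,
       HB_MAX_RECORD = 16384 };

typedef struct {
    uint8_t        type;
    uint16_t       payload_len;
    const uint8_t *payload;      /* points into the caller's record buffer */
} hb_msg;

/* Returns 0 and fills *out only if rec[0..rec_len) matches the layout;
 * returns -1 otherwise. No byte is read before its bound is checked. */
int hb_parse(const uint8_t *rec, size_t rec_len, hb_msg *out)
{
    if (rec == NULL || out == NULL)
        return -1;
    if (rec_len < HB_HDR + HB_MIN_PAD || rec_len > HB_MAX_RECORD)
        return -1;               /* no room for header plus minimum padding */
    if (rec[0] != HB_REQUEST && rec[0] != HB_RESPONSE)
        return -1;               /* unknown message type */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The length field is peer-controlled: it must fit in the received
     * bytes with the mandatory padding still left over. */
    if (claimed > rec_len - HB_HDR - HB_MIN_PAD)
        return -1;
    out->type = rec[0];
    out->payload_len = (uint16_t)claimed;
    out->payload = rec + HB_HDR;
    return 0;
}

/* Convenience wrapper: payload length if accepted, -1 if rejected. */
int hb_payload_len(const uint8_t *rec, size_t rec_len)
{
    hb_msg m;
    return hb_parse(rec, rec_len, &m) == 0 ? (int)m.payload_len : -1;
}

/* Constructed sample records (unlisted trailing bytes are zero padding). */
static const uint8_t HB_OK[23]        = {0x01, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t HB_OVERCLAIM[23] = {0x01, 0x40, 0x00, 'p', 'i', 'n', 'g'};
static const uint8_t HB_SHORT[3]      = {0x01, 0x00, 0x00};

int main(void)
{
    printf("ok=%d overclaim=%d short=%d\n",
           hb_payload_len(HB_OK, sizeof HB_OK),
           hb_payload_len(HB_OVERCLAIM, sizeof HB_OVERCLAIM),
           hb_payload_len(HB_SHORT, sizeof HB_SHORT));
    return 0;
}
```

The caller only ever sees a payload pointer and length that have been checked against the record boundary, so any reply is built from bytes the peer actually sent.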

