[Cryptography] Heartbleed and fundamental crypto programming practices

Jerry Leichter leichter at lrw.com
Sun Apr 27 12:34:48 EDT 2014


On Apr 26, 2014, at 9:21 PM, Christian Huitema <huitema at huitema.net> wrote:
> There was indeed lots of gratuitous complexity in ASN.1. Why was there a
> need for SEQUENCE and SET, or a distinction between SEQUENCE OF and SET OF?
> Why was there a need for both IMPLICIT and EXPLICIT tags? Why were there
> three types of tag numbers? Why have two ways to encode the length of a
> structure type? The worst was probably the extension method.
There are a number of things that lead to these kinds of designs (which are often, but not always, standards).  It's not "design by committee" as such.  There are committees that produce excellent designs; there are individuals who produce horrible ones.  It's a question of who's involved and what their motivations are.  Among the things that produce bad results:

1.  The designers are big names who no longer actually implement anything, but feel the need to justify theories about design that have worked for them in the past.  (Often, the theories are post hoc explanations for past successes and have little causal connection to those successes.)
2.  The designers fairly recently implemented something very much like what is being designed, know all the problems they ran into, and want to get it *right* this time.  They fall for a variant of Second System Syndrome.
3.  There are multiple people who can say "yes", but no one who has the authority to say "no".  This leads to compromises of the form "I'll OK your proposal if you OK mine."
4.  There are multiple designers in each subdivision of the spec, and they have different ideas about the best approach (counted length vs. terminating sequence, for example).  Since each is "as right" as the others, and each is "as easy to implement" as the others, they all make it in as alternatives.
5.  If you're talking standards committees, politics (the same people tend to be involved with each other for multiple standards) and money (companies have their own technologies and want them included in the standard so they don't lose their investment) come in as well.
6.  Once a certain threshold of complexity is reached, it becomes extremely difficult to argue against one more "small" addition.  If the spec is two pages, everyone can see that a new alternative that takes a paragraph to describe is a big deal.  If a spec is two hundred pages, it starts to become difficult.  By 1000 pages - hey, why not add it.

I'm sure there are others - and in the case of crypto, we strongly suspect that in addition to all the usual factors, there's been active subversion as well.

For a design to succeed, the designers have to be committed to *its* success, not to their own.  One-person designs have an edge because the two overlap.  Groups with strong tyrants as leads can succeed for the same reason.  These can also fail badly if led in the wrong direction.

There are no easy solutions.
                                                        -- Jerry
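The "two ways to encode the length" that Huitema complains about in the quoted text is concrete enough to show in code. The following is an added example written for this page, not code from the thread or from any ASN.1 library: a small BER/DER tag-length header decoder. In lenient (BER) mode it accepts the short form, the long form and the indefinite form; in strict (DER) mode it insists on exactly one encoding per value and, in the spirit of the thread's Heartbleed subject line, refuses a declared length that exceeds the bytes actually present. The names `decode_header`, `Header`, `DERError` and `is_canonical` are the example's own, and the sample byte strings are constructed here.

```python
"""Decode a BER/DER tag-length header and reject the ambiguous encodings.

Added example for this page, not from the mailing-list post. Demonstrates
the "two ways to encode the length" complaint: BER permits short-form,
long-form and indefinite lengths for the same element, while DER allows
exactly one encoding, so a lenient parser gives two implementations room
to disagree about where an element ends.
"""
from dataclasses import dataclass
from typing import Optional


class DERError(ValueError):
    """Raised for truncated input or, in strict mode, non-DER encodings."""


@dataclass(frozen=True)
class Header:
    tag_class: int           # 0 universal, 1 application, 2 context-specific, 3 private
    constructed: bool        # bit 6 of the identifier octet
    tag_number: int
    length: Optional[int]    # None means BER indefinite length (0x80)
    header_len: int          # octets consumed by tag + length


def decode_header(buf: bytes, strict: bool = True) -> Header:
    """Parse the identifier and length octets at the start of buf.

    strict=True enforces DER: definite length, minimal encoding of both the
    tag number and the length, and the declared length must fit in buf.
    strict=False accepts everything BER permits, for comparison.
    """
    if not buf:
        raise DERError("empty input")
    first = buf[0]
    tag_class = first >> 6
    constructed = bool(first & 0x20)
    tag_number = first & 0x1F
    pos = 1
    if tag_number == 0x1F:
        # High-tag-number form: base-128 digits, MSB set on all but the last.
        tag_number = 0
        if strict and pos < len(buf) and buf[pos] == 0x80:
            raise DERError("non-minimal high-tag-number encoding (leading 0x80)")
        while True:
            if pos >= len(buf):
                raise DERError("truncated tag")
            b = buf[pos]
            pos += 1
            tag_number = (tag_number << 7) | (b & 0x7F)
            if not b & 0x80:
                break
        if strict and tag_number < 0x1F:
            raise DERError("high-tag-number form used for a tag below 31")
    if pos >= len(buf):
        raise DERError("truncated length")
    lb = buf[pos]
    pos += 1
    if lb < 0x80:
        length: Optional[int] = lb                  # short form
    elif lb == 0x80:
        if strict:
            raise DERError("indefinite length is not allowed in DER")
        length = None                               # indefinite form (BER only)
    elif lb == 0xFF:
        raise DERError("reserved length octet 0xFF")
    else:
        n = lb & 0x7F                               # long form: n following octets
        if pos + n > len(buf):
            raise DERError("truncated long-form length")
        if strict and buf[pos] == 0:
            raise DERError("non-minimal long-form length (leading zero octet)")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
        if strict and length < 0x80:
            raise DERError("long form used for a length below 128")
    if strict and length is not None and pos + length > len(buf):
        # The Heartbleed-shaped check: never trust a length the peer declares
        # over the number of bytes that actually arrived.
        raise DERError(f"declared length {length} exceeds {len(buf) - pos} available")
    return Header(tag_class, constructed, tag_number, length, pos)


def is_canonical(buf: bytes) -> bool:
    """True if buf begins with a DER-valid header whose contents are present."""
    try:
        decode_header(buf, strict=True)
        return True
    except DERError:
        return False


if __name__ == "__main__":
    # Three BER encodings of the same 3-byte OCTET STRING header (constructed).
    short_form = bytes([0x04, 0x03, 1, 2, 3])
    long_form = bytes([0x04, 0x81, 0x03, 1, 2, 3])
    indefinite = bytes([0x04, 0x80, 1, 2, 3, 0x00, 0x00])
    for enc in (short_form, long_form, indefinite):
        print(enc.hex(), decode_header(enc, strict=False).length, is_canonical(enc))
```

Only the short form passes `is_canonical`; the other two decode fine in lenient mode, which is exactly the property that lets two conforming BER parsers disagree about an input. The final length-versus-buffer check is the one that a copy-from-declared-length bug skips.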


