[Cryptography] BitCoin bug reported

James A. Donald jamesd at echeque.com
Sun Feb 16 18:03:37 EST 2014

On 2014-02-16 23:18, Theodore Ts'o wrote:
> I will note that the question of multiple encodings is a very old
> problem, and we've seen it with x.509 certificates, and with Kerberos
> tickets, and many others.  It's one of the reasons why I am not very
> fond of complex encoding schemes, such as ASN.1, when used in complex
> cryptographic protocols.  Yes, such protocols are extensible, which is
> wonderful from a protocol author's point of view.  From the point of
> view of an attacker looking for mistakes engendered by all that
> complexity, it is even more wonderful....

Surely unaligned ASN.1 CANONICAL-PER is fine, for the things that will 
be parsed are defined at compile time, limiting run time complexity. 
One cannot send a structure that the recipient has not been compiled to 

More information about the cryptography mailing list