[Cryptography] BitCoin bug reported

Theodore Ts'o tytso at mit.edu
Mon Feb 17 12:52:23 EST 2014

On Sun, Feb 16, 2014 at 07:31:41PM -0800, Bill Stewart wrote:
> At 03:03 PM 2/16/2014, James A. Donald wrote:
> >Surely unaligned ASN.1 CANONICAL-PER is fine, for the things that
> >will be parsed
> >are defined at compile time, limiting run time complexity.
> Of course you can send the recipient a structure it hasn't been
> compiled to understand.
> It won't understand it, but maybe your objective is to get it to
> misunderstand.  (And yeah, PER is probably the safest version of
> that hive of scum and villainy known as ASN.1, or at least it's less
> unsafe than DER or BER.)

I agree that PER is probably better of a sea of bad choices.  However,
I still have a philosophical dislike of complex encoding schemes such
as ASN.1 which allow for arbitrary optional fields and optional data
structures, because it encourages protocol complexity.  If you have a
protocol message with a dozen different optional fields, the
combinatorics mean that you have at least 4096 test cases to write if
you are doing black box testing, and that's just testing the presence
or absence of the optional fields, ignoring tests based on the value
of those fields if they are present.

There is nothing in ASN.1 which requires such complexity --- you could
just use a very simple Tag-Length-Value (TLV) encoding scheme using
ASN.1, true.  But in that case, why not use a much simpler encoding
scheme to begin with?

In some sense, my dislike of ASN.1 is the same reason why I am
cautious about C++.  Unless you have a very strong C++ coding
guidelines which disables huge portions of the C++ language, the
temptation to use every last language feature, whether it is defining
the comma operator, or function overloading combined with large
numbers of class conversion functions where it can be verify unclear
which variant of the overloaded function the compiler will pick, is so
huge that C++ without a rigorously enforced C++ coding style guide is
a minefield.

Of course, Bitcoin managed to create an overly complex encoding scheme
without using ASN.1, which just goes to show that you can write
Fortran in any language.  :-/

							- Ted

More information about the cryptography mailing list