[Cryptography] Encodings for crypto
tytso at mit.edu
Mon Feb 17 16:46:56 EST 2014
On Mon, Feb 17, 2014 at 01:42:30PM -0500, Phillip Hallam-Baker wrote:
> I think we can do better:
Have you looked at RFC 7049? Paul Hoffman pointed me to it off-list,
like your I-D, it's closely aligned to the JSON model. There is also
an Apache 2.0 licensed implementation available:
> 1) Read in the bytes, abort if there are too many
> 2) Authenticate the bytes (Nope, I don't believe in canonicalization.)
> 3) Parse the data structure to internal representation, discarding all data
> that is not understood.
> 4) Validate the data for consistency (if possible)
> 5) Pass to the security sensitive module to process.
Sure, as long as people don't assume that (2) doesn't obviate the need
for (4). Fuzz testing is a really good idea for any input data which
is from a potentially untrusted source.
> Doing authentication at the byte level before parsing is robust and
> insulates the code from parser errors. It is also a good defense against
> injection errors if we enforce a rule that every command is independently
> authenticated and validated.
No, it does **not** insulate the code from parser errors. It just
means that assuming the attacker hasn't scrubbed your logs after
carrying out a stack overflow attack, you might be able to figure out
from the authenticated identity who was able to carry out an attack
against your parser. :-)
More information about the cryptography