[Cryptography] Langsec & authentication
Judson Lester
nyarly at gmail.com
Thu May 29 13:33:12 EDT 2014

On Wed, May 28, 2014 at 10:29 PM, James A. Donald <jamesd at echeque.com> wrote:
> On 2014-05-28 05:30, Judson Lester wrote:
>>
>> But, and this is the other half of my dilemma, authenticating
>> ambiguous blobs of data opens a giant hole in your MAC system: here's
>> two documents that mean "re-order coffee" and "nuke North Korea" with
>> the same MAC. Oops. And while that's theoretically possible
>> regardless, it becomes much easier to do if there are many, many ways to
>> say "nuke North Korea."
>
>
> Again, ASN.1 CANONICAL-PER

Myself, I'm a big fan of ASN.1, and especially of the canonical
encodings, but the langsec objection to PER and DER is that
length-prefix encodings are context-sensitive. My point in all this
has been: a full ASN.1 implementation includes sets, and attribute
lists, so that even without length-prefix (e.g. CER) I think full
ASN.1 would be context-sensitive - although some protocol definitions
might not be, and some set of protocol design constraints (e.g. "don't
use sets"), including using CER, might reduce the resulting protocol
language to regular.

Judson
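
Added example, not part of the original message: a minimal Python sketch of the "many ways to say the same thing" problem discussed above, using a SET OF in BER versus the DER canonical rules (minimal lengths, sorted elements). The key, the sample encodings and all function names are constructed for illustration, and only single-octet tags are handled.

```python
import hashlib
import hmac
KEY = b"constructed-demo-key"  # constructed sample key, not from the thread

def read_tlv(buf, pos, strict):
    """Read one tag-length-value item; return (tag, value, next_pos)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:                       # short form: length in one octet
        length = first
    else:
        n = first & 0x7F                   # long form: n length octets follow
        length = int.from_bytes(buf[pos:pos + n], "big")
        # DER: definite length only, encoded in the fewest octets possible
        if n == 0 or (strict and (length < 0x80 or buf[pos] == 0)):
            raise ValueError("indefinite or non-minimal length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, bytes(buf[pos:pos + length]), pos + length

def parse_set(buf, strict):
    """Parse one SET OF; return its meaning as a frozenset of (tag, value)."""
    tag, body, end = read_tlv(buf, 0, strict)
    if tag != 0x31 or end != len(buf):
        raise ValueError("expected exactly one SET")
    encodings, values, pos = [], set(), 0
    while pos < len(body):
        start = pos
        t, v, pos = read_tlv(body, pos, strict)
        encodings.append(body[start:pos])
        values.add((t, v))
    # DER: SET OF elements appear in ascending order of their encodings
    if strict and encodings != sorted(encodings):
        raise ValueError("SET OF elements not in canonical order")
    return frozenset(values)

def accepts(buf, strict):
    try:
        return parse_set(buf, strict) is not None
    except (ValueError, IndexError):
        return False

def tag_of(buf):
    """HMAC-SHA256 over the raw bytes, as a MAC over the encoding would be."""
    return hmac.new(KEY, buf, hashlib.sha256).hexdigest()

# Constructed encodings of the same value, the set {INTEGER 1, INTEGER 2}
CANONICAL = bytes.fromhex("3106020101020102")    # DER
REORDERED = bytes.fromhex("3106020102020101")    # elements swapped
LONG_LEN = bytes.fromhex("318106020101020102")   # long-form length for 6
```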