[Cryptography] Is ASN.1 still the thing?

[Ron Garret]

On Nov 19, 2017, at 1:59 PM, Phillip Hallam-Baker <phill at hallambaker.com> wrote:

> ASN.1 DER is unsafe and ASN.1 BER can be unsafe.
> 
> The issue is simple: Some people are unable to write secure code. If
> you use an encoding that makes it more likely such people will write
> an incorrect implementation that leads to buffer overrun errors then
> that is your fault.
> 
> Specifically, the issues that occur are of the form
> 
> LengthA:{LengthB:{Data}, LenghtC:{Data}}
> 
> It turns out that in many implementations of IPv6, ASN.1, JPEG, etc,
> it is possible to cause a buffer overrun by creating such as structure
> with LengthB > LengthA.

This is the reason I designed my serialization format so that LengthA is a count of the number of fields, not the total length of the structure.  (I am obsessive about DRY code and designs.)

In case you missed it, the description can be found in the comments of the reference implementation:

https://github.com/rongarret/tweetnacl/blob/master/ratchet.lisp

Feedback would be appreciated.  If you don’t like ASN1 you might like my design.  It was born of a frustration with ASN1’s complexity.

rg