[Cryptography] Is ASN.1 still the thing?

James A. Donald jamesd at echeque.com
Mon Nov 20 14:51:26 EST 2017

On 11/20/2017 10:58 AM, Phillip Hallam-Baker wrote:
> The issue is not whether the code is reliable, it is whether it
> responds correctly and securely when presented with a malicious input.
> And unless the code is written in a language that has built in bounds
> checking, I cannot trust it no matter how much it has been used
> because these issues keep being uncovered decades after code was
> shipped.

The huge problem is that people write decoders to deserialize arbitrary 
input, which necessarily includes inputs that you and your program never 
anticipated.  You don't want a decoder/desiralizer that can correctly 
decode/deserialize arbitrary input.  You want it to reject any input 
that you did not explicitly anticipate.

Rust has built in bounds checking, which in a well written rust program 
should in theory only incur compile time costs, but I looked at their 
deserializers, and they all use run time typing (which is run time 
costly) to handle arbitrary inputs.  It is not the run time cost that 
worries me, that is insignifcant compared to bandwidth costs.  It is the 
surprise run time types.

This email has been checked for viruses by Avast antivirus software.

More information about the cryptography mailing list