[Cryptography] Is ASN.1 still the thing?
James A. Donald
jamesd at echeque.com
Mon Nov 20 14:51:26 EST 2017
On 11/20/2017 10:58 AM, Phillip Hallam-Baker wrote:
> The issue is not whether the code is reliable, it is whether it
> responds correctly and securely when presented with a malicious input.
> And unless the code is written in a language that has built in bounds
> checking, I cannot trust it no matter how much it has been used
> because these issues keep being uncovered decades after code was
> shipped.
The huge problem is that people write decoders to deserialize arbitrary
input, which necessarily includes inputs that you and your program never
anticipated. You don't want a decoder/desiralizer that can correctly
decode/deserialize arbitrary input. You want it to reject any input
that you did not explicitly anticipate.
Rust has built in bounds checking, which in a well written rust program
should in theory only incur compile time costs, but I looked at their
deserializers, and they all use run time typing (which is run time
costly) to handle arbitrary inputs. It is not the run time cost that
worries me, that is insignifcant compared to bandwidth costs. It is the
surprise run time types.
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
More information about the cryptography
mailing list