On Sun, Mar 22, 2015 at 10:19 AM, Gregory Maxwell
<gmaxwell(_at_)gmail(_dot_)com> wrote:
On Sun, Mar 22, 2015 at 2:05 PM, Phillip Hallam-Baker
<phill(_at_)hallambaker(_dot_)com> wrote:
Even ASN.1 BER encoding isn't that difficult. The really horrible part
is having to do DER.
BER has many strange encoding corner cases that no one actually gets
right. I went through a while ago checking BER implementations and I
was not able to find a _single_ correct open source implementation of
it.
The code in OpenSSL, bouncy castle, etc. are all incorrect.
DER is fairly straight forward itself, but what people do is implement
DER with their (incomplete) BER parser and fail to narrow the behavior
sufficiently and end up with something that is a weird superset of DER
but still a subset of BER.
Most applications are not harmed by these problems is deseralization
but from time to time they result in actual meaningful
vulnerabilities.
People keep telling me that canonicalization is necessary for
security. In 25 years I have never once heard someone give a use case
where it did.
Of course, the real author of ASN.1 becomes clear when you know it is
his name backwards.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp