IETF Logo Mail Archive

Re: [Acme] ACME or EST?

Christian Huitema <huitema@microsoft.com> Thu, 27 November 2014 22:43 UTC

Return-Path: <huitema@microsoft.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A2421A0141 for <acme@ietfa.amsl.com>; Thu, 27 Nov 2014 14:43:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wroWAjRXk2wP for <acme@ietfa.amsl.com>; Thu, 27 Nov 2014 14:43:04 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0716.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:716]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D79FB1A00D8 for <acme@ietf.org>; Thu, 27 Nov 2014 14:43:03 -0800 (PST)
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com (25.160.96.17) by DM2PR0301MB0654.namprd03.prod.outlook.com (25.160.96.16) with Microsoft SMTP Server (TLS) id 15.1.26.15; Thu, 27 Nov 2014 22:42:40 +0000
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com ([25.160.96.17]) by DM2PR0301MB0655.namprd03.prod.outlook.com ([25.160.96.17]) with mapi id 15.01.0026.003; Thu, 27 Nov 2014 22:42:40 +0000
From: Christian Huitema <huitema@microsoft.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
Thread-Topic: [Acme] ACME or EST?
Thread-Index: AQHQCPjbhOyJTn6r2k6eMGuP4A40fpxx4zaAgAAGHwCAAn3HR4AATagAgABcknA=
Date: Thu, 27 Nov 2014 22:42:39 +0000
Message-ID: <DM2PR0301MB0655D5E0292BAE408C92B3B7A8710@DM2PR0301MB0655.namprd03.prod.outlook.com>
References: <AD5940AA-6F01-4D0E-A4E0-19AEA56BBED3@vpnc.org> <CAL02cgTgpjQffow2XuaNuT7BtqYVttXdVUgyqBFbsAbN4g0VzQ@mail.gmail.com> <DEC7A8A8-563D-41B3-94AC-71DC7219D3F8@cisco.com> <CAHOTMVLJFQsKUVaZueeqx4NRtzM+a4asU14YnQPC+2LHQCtcEQ@mail.gmail.com> <54752FD9.6040708@cs.tcd.ie> <m27fyg4yzg.wl%randy@psg.com> <CAMm+LwjOgYistjb8jo_aw0jJ9+0YpL++Y4yJONj1rCGG0kC94A@mail.gmail.com>
In-Reply-To: <CAMm+LwjOgYistjb8jo_aw0jJ9+0YpL++Y4yJONj1rCGG0kC94A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [24.16.156.113]
x-microsoft-antispam: BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB0654;
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB0654;
x-forefront-prvs: 040866B734
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(189002)(199003)(51704005)(33656002)(110136001)(101416001)(92566001)(86362001)(92726001)(20776003)(66066001)(97736003)(77156002)(77096003)(86612001)(2656002)(87936001)(106356001)(106116001)(99286002)(105586002)(107046002)(95666004)(62966003)(64706001)(54606007)(76176999)(50986999)(54356999)(31966008)(122556002)(40100003)(99396003)(46102003)(120916001)(74316001)(54206007)(21056001)(4396001)(76576001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB0654; H:DM2PR0301MB0655.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.onmicrosoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/fHnfEo8WS7i5IrfuFtXunpdiIqI
Cc: "acme@ietf.org" <acme@ietf.org>
Subject: Re: [Acme] ACME or EST?
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Nov 2014 22:43:06 -0000

> One of the many reasons to drop ASN.1, particularly the Deranged Encoding Rules.
>
> The type of coding error that comes up is as follows:
>
> Tag Length[ Tag Length [Value]]
>
> Lets say each atom has a length of 1 byte, this would be coded
>
> xx 03 xx 01 xx
>
> Now what happens if the coder is wrong and instead gives:
>
> xx 99 xx 01 xx
>
> Buffer overrun error time!

On the other hand, there is enough information in the BER/DER encoding to perform run time verifications and avoid these overruns. It falls in the general category of "never trust input received from the network."

You can find this kind of errors with pretty much any "variable length" format. If you have explicit length coding, then you must check the consistency of the stated length with the message buffer. If you have implicit coding, e.g. using some kind of delimiter, you must checks that delimiters happen before the end of the message.

Then, there is all the fun related to integer overflow, especially when the syntax uses element counts rather than element length. Or stack overflow if the decoder uses recursion. Remember the attacks using "specially crafted JPEG images?"

I am not sure that the message description language matters very much, the quality of the implementation matters much more. And, as far as protocol go, better keep the syntax as simple as possible. But you are right about the level of "exotic complexity" in ASN.1. It does not help.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email