IETF Logo Mail Archive

Re: [TLS] TLS grammar checker?

Eric Rescorla <ekr@rtfm.com> Mon, 17 June 2013 14:00 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5402121F8D6D for <tls@ietfa.amsl.com>; Mon, 17 Jun 2013 07:00:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.035
X-Spam-Level:
X-Spam-Status: No, score=-100.035 tagged_above=-999 required=5 tests=[AWL=0.390, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BIufd57tQucA for <tls@ietfa.amsl.com>; Mon, 17 Jun 2013 07:00:23 -0700 (PDT)
Received: from mail-qa0-x229.google.com (mail-qa0-x229.google.com [IPv6:2607:f8b0:400d:c00::229]) by ietfa.amsl.com (Postfix) with ESMTP id 706CC21F9374 for <tls@ietf.org>; Mon, 17 Jun 2013 07:00:22 -0700 (PDT)
Received: by mail-qa0-f41.google.com with SMTP id f14so1466263qak.14 for <tls@ietf.org>; Mon, 17 Jun 2013 07:00:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:x-gm-message-state; bh=RCapfjC9T/qF2+TObBLmDqRieutzNsYyOmh7JcD0ems=; b=VW3BYH6b8JfeS1yAmYnvJQNUs0b4WHBKiERlyPfWxOTsmPLwWNqWWWCaSPShGTWFdl gCmQOVgg0lV3nj/FweQo5b83/94lrBT9k7mzlibP7RN/wbpNh9DBnZsBc/HsmtMVPdCl lIbRYh6UlyOzh7K+br60XCwsfs8lcN5PI8lco4qsez/y3RbL70S8V6kNF55gsSbR30w5 Itd3xOZes9UBhUzPQfuj4zsypMeL+2BUCPiyP3FL1vYhduXzZW3riK52r7kcNS+vI1zL QNpQykLH1oEETbTWyef2CDzpyiUbwOd7yuXVwQ0z538rgyBqlanFxn0QbJ9IXWjQ82Bu TjCg==
X-Received: by 10.224.205.8 with SMTP id fo8mr16885264qab.62.1371477621880; Mon, 17 Jun 2013 07:00:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.49.15.40 with HTTP; Mon, 17 Jun 2013 06:59:41 -0700 (PDT)
X-Originating-IP: [74.95.2.173]
In-Reply-To: <43347F57-8351-4348-AC3C-4EECE6EE3A32@vpnc.org>
References: <9A043F3CF02CD34C8E74AC1594475C7343D64D33@uxcn10-tdc02.UoA.auckland.ac.nz> <43347F57-8351-4348-AC3C-4EECE6EE3A32@vpnc.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 17 Jun 2013 06:59:41 -0700
Message-ID: <CABcZeBOLD8NBQ8vJFTwMW11V8NZ28oT5ttZmnoZ5gMQ4U7QQ_A@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: multipart/alternative; boundary="20cf3005dc0a7848d004df5a0457"
X-Gm-Message-State: ALoCoQlNc2+tIzac9T6poaJn1AWDqQWE75O7hDrD67QDhB2EHX9X3vavv17HZoPtfD0X4bMH6GUW
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS grammar checker?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2013 14:00:28 -0000

On Mon, Jun 17, 2013 at 6:48 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:

> On Jun 16, 2013, at 11:09 PM, Peter Gutmann <pgut001@cs.auckland.ac.nz>
> wrote:
>
> > Paul Hoffman <paul.hoffman@vpnc.org> writes:
> >
> >> Greetings again. The recent errata shows that some of the TLS documents
> that
> >> use the grammar invented for SSL can have some errors. People have
> developed
> >> tools for checking ABNF grammar in Internet Drafts and RFCs; has anyone
> >> developed an SSL grammar checker?
> >
> > The SSL grammar isn't, AFAIK, any kind of machine-parseable formal
> grammar, in
> > published automated analyses the authors had to re-state what was going
> on in
> > their own notation in order to make it amenable to automated analysis,
> and
> > even then could usually only do a subset of the protocol.  So you'd need
> to
> > come up with your own grammar that's amenable to automated processing
> and re-
> > specific TLS in that.  I can't really see that happening any time soon.
>
> Indeed, so my question was hopeful that it had been done in the past.
>
> > (Having said that, I'd like to see it done.  The grammar used in the
> SSL/TLS
> > RFCs is pretty confusing in places).
>
> It could be / would have been an interesting task for a CS intern or
> summer student, or a prof researching widely-used grammars.
>

I've built parsers for subsets of the grammar. I'm not sure anyone has
built one for the entire TLS protocol. I think you would probably have to
iterate:

1. Build the parser.
2. Try to parse the grammar in the specifications.
3. Look at where it fails and try to decide whether your parser
    was wrong or the specs were wrong.
4. File errata and/or fix your parser.
5. Rinse, repeat

-Ekr

v2.29.0 | Report a Bug | By Email | System Status