Re: [TLS] TLS grammar checker?

["Hannes Tschofenig" <Hannes.Tschofenig@gmx.net>]

To be honest, I never though that the SSL/TLS syntax is particularly helpful for an implementer nor for someone reading the document. 

I wonder whether it would be best to switch to something else in future documents. I don't think that mandating a specific language is particuarly useful either since (as we know from other protocols) there are pros and cons with all of them. 

 

I personally think that a description in natural language is typically best.

 

Gesendet: Mittwoch, 19. Juni 2013 um 14:10 Uhr
Von: "Peter Gutmann" <pgut001@cs.auckland.ac.nz>
An: "tls@ietf.org" <tls@ietf.org>
Betreff: Re: [TLS] TLS grammar checker?

Nico Williams <nico@cryptonector.com> writes:

>Ad-hoc syntaxes don't lend themselves to automatic tooling, so they tend to
>result in lots of error-prone hand-coding.

That's the problem with the SSL/TLS syntax, it looks like it's specified in a
formal language but it's really more of a specialised notation used to outline
(not always clearly) bits-on-the-wire. SSH and PGP use a very low-level form
(but still higher-level than TCP's pictorial bit-diagrams), which leads to
even more awkward hand-coded parsers (SSH makes it especially entertaining due
to its arbitrary mixing of binary data and comma-delimited string data).

If I had to do a premortem analysis of my parsing code and arrange it in order
of least to most likely to contain exploitable errors I'd have: ASN.1 -> Large
gap -> SSL/TLS -> SSH. Not sure where PGP would fit in there, probably
somewhere between SSL/TLS and SSH.

>What are you arguing for? (Mind you, this really isn't the right place...
>that goes for me too)

Yes it is, flamewars over data-description notations are at least as
interesting as vi vs. emacs, or KDE vs Gnome, or Amiga vs. Atari.

Peter.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls" target="_blank" rel="nofollow">https://www.ietf.org/mailman/listinfo/tls