Re: PublicKeyFile Format Security Considerations

To: "Brent McClure" <mcclure%swcp.com@localhost>
Subject: Re: PublicKeyFile Format Security Considerations
From: "Joel N. Weber II" <ietf-secsh%joelweber.com@localhost>
Date: Wed, 30 Jul 2003 12:56:20 -0400

> Implementors are cautioned to verify the correctness of the encoding/decoding
> routines used to save and read files in this format. A malfunctioning
> decoder used to read public-key data will most likely produce 
> invalid data with unknown cryptographic properties. In the worst
> case this cata could be vulnerable various forms of cryptographic attack.

I'm not sure that a cryptographic attack is the worst case.  Are we
sure that a malfunctioning decoder can't possibly be vulnerable to a
buffer overflow?

Follow-Ups:
- Re: PublicKeyFile Format Security Considerations
  - From: Brent McClure

References:
- Re: PublicKeyFile Format Security Considerations
  - From: RJ Atkinson
- Re: PublicKeyFile Format Security Considerations
  - From: Brent McClure

Prev by Date: Re: PublicKeyFile Format Security Considerations
Next by Date: Re: PublicKeyFile Format Security Considerations
Previous by Thread: Re: PublicKeyFile Format Security Considerations
Next by Thread: Re: PublicKeyFile Format Security Considerations
Indexes:

Home | Main Index | Thread Index | Old Index