IETF-SSH archive
Re: PublicKeyFile Format Security Considerations
From: "Joel N. Weber II" <ietf-secsh%joelweber.com@localhost>
> I'm not sure that a cryptographic attack is the worst case. Are we
> sure that a malfunctioning decoder can't possibly be vulnerable to a
> buffer overflow?
That's true. So, should I just change the use of the wording "worst case"
to something like this?:
"... A malfunctioning decoder used to read public-key data will most
likely produce invalid data with unknown cryptographic properties which
may leave this data vulnerable to various forms of cryptographic attack."
On the other hand, your suggestion of a buffer overflow makes me wonder
if this caution about properly implementing the parsing/decoding of
public-key data is too much a statement of the obvious. I.e., if there
isn't a specific concern about the decoding of public keys here that
warrants mentioning, then maybe I should just strike it. After all,
if what I wrote above is just another way of saying "Implementors should
avoid bugs, and especially buffer overruns in their code" then maybe
it doesn't add anything of value.
--Brent
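As an added illustration of the decoder concern discussed in this message (not part of the original thread or of the draft): a bounds-checked parser for a decoded public-key blob, which rejects malformed length fields instead of overrunning a buffer or returning partial data. It assumes the base64 body has already been decoded and that the blob uses the SSH wire encoding for an "ssh-rsa" key (uint32 length-prefixed string, mpint e, mpint n); the function names and sample blobs are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One length-prefixed field inside the decoded key blob. */
struct field { const uint8_t *data; uint32_t len; };

/* Constructed sample blobs (toy values, not real keys). The second one
 * carries a length prefix far larger than the data that follows it. */
const uint8_t good_blob[] =
    "\x00\x00\x00\x07ssh-rsa\x00\x00\x00\x01\x23\x00\x00\x00\x02\x00\xc5";
const uint8_t lying_blob[] =
    "\x00\x00\x00\x07ssh-rsa\x00\x00\x00\x01\x23\xff\xff\xff\xf0\x00\xc5";

/* Read a uint32 length + bytes field at *off without reading past
 * blob[blob_len]. Returns 0 on success, -1 on malformed input. */
static int read_field(const uint8_t *blob, size_t blob_len, size_t *off,
                      struct field *out)
{
    if (*off > blob_len || blob_len - *off < 4)
        return -1;                      /* no room for the length prefix */
    const uint8_t *p = blob + *off;
    uint32_t len = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                   ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    /* Compare against the bytes remaining; never compute off + len,
     * which can wrap for an attacker-chosen len. */
    if (len > blob_len - *off - 4)
        return -1;
    out->data = p + 4;
    out->len = len;
    *off += 4 + (size_t)len;
    return 0;
}

/* Validate an "ssh-rsa" blob: string name, mpint e, mpint n, nothing else.
 * Returns 0 if well formed, -1 otherwise; e and n point into blob. */
int parse_rsa_blob(const uint8_t *blob, size_t blob_len,
                   struct field *e, struct field *n)
{
    struct field name;
    size_t off = 0;
    if (read_field(blob, blob_len, &off, &name) != 0 ||
        name.len != 7 || memcmp(name.data, "ssh-rsa", 7) != 0)
        return -1;
    if (read_field(blob, blob_len, &off, e) != 0 || e->len == 0)
        return -1;
    if (read_field(blob, blob_len, &off, n) != 0 || n->len == 0)
        return -1;
    return off == blob_len ? 0 : -1;    /* reject trailing bytes */
}
```

The trailing NUL that the string literals add is not part of the blob, so callers pass `sizeof(good_blob) - 1` as the length.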