[147447] in cryptography@c2.net mail archive
Re: [Cryptography] TLS2
daemon@ATHENA.MIT.EDU (James A. Donald)
Wed Oct 2 10:25:51 2013
X-Original-To: cryptography@metzdowd.com
Date: Wed, 02 Oct 2013 16:13:00 +1000
From: "James A. Donald" <jamesd@echeque.com>
CC: Crypto <cryptography@metzdowd.com>
In-Reply-To: <CAHOTMVL2f6Tx8gK_LG7QGL+C7WY9wWG2Svd2g0yk8ALqMr3Lyw@mail.gmail.com>
Reply-To: jamesd@echeque.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
This is a multi-part message in MIME format.
--===============3330166612467191260==
Content-Type: multipart/alternative;
boundary="------------010209030405090103080305"
This is a multi-part message in MIME format.
--------------010209030405090103080305
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
On 2013-10-02 13:18, Tony Arcieri wrote:
> LANGSEC calls this: full recognition before processing
>
> http://www.cs.dartmouth.edu/~sergey/langsec/occupy/
> <http://www.cs.dartmouth.edu/%7Esergey/langsec/occupy/>
I disagree slightly with langsec.
At compile time you want an extremely powerful language for describing
data, that can describe any possible data structure.
At run time, you want the least possible power, such that your
recognizer can only recognize the specified and expected data structure.
Thus BER and DER are bad for the reasons given by Langsec, indeed they
illustrate the evils that langsec condemns, but these criticisms do not
normally apply to PER, since for PER, the dangerously great power exists
only at compile time, and you would have to work pretty hard to retain
any substantial part of that dangerously great power at run time.
--------------010209030405090103080305
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 2013-10-02 13:18, Tony Arcieri
wrote:<br>
</div>
<blockquote
cite="mid:CAHOTMVL2f6Tx8gK_LG7QGL+C7WY9wWG2Svd2g0yk8ALqMr3Lyw@mail.gmail.com"
type="cite">
<meta http-equiv="Context-Type" content="text/html;
charset=ISO-8859-1">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">LANGSEC calls this: full recognition
before processing
<div><br>
</div>
<div><a moz-do-not-send="true"
href="http://www.cs.dartmouth.edu/%7Esergey/langsec/occupy/"
target="_blank">http://www.cs.dartmouth.edu/~sergey/langsec/occupy/</a><br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
I disagree slightly with langsec.<br>
<br>
At compile time you want an extremely powerful language for
describing data, that can describe any possible data structure.<br>
<br>
At run time, you want the least possible power, such that your
recognizer can only recognize the specified and expected data
structure.<br>
<br>
Thus BER and DER are bad for the reasons given by Langsec, indeed
they illustrate the evils that langsec condemns, but these
criticisms do not normally apply to PER, since for PER, the
dangerously great power exists only at compile time, and you would
have to work pretty hard to retain any substantial part of that
dangerously great power at run time.<br>
</body>
</html>
--------------010209030405090103080305--
--===============3330166612467191260==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============3330166612467191260==--