W3C home > Mailing lists > Public > public-xg-webid@w3.org > December 2011

The Science of Insecurity

From: Henry Story <henry.story@bblfish.net>
Date: Thu, 29 Dec 2011 16:00:12 +0100
Message-Id: <875ADFEA-42EE-4236-B029-2B9EC507E433@bblfish.net>
To: WebID XG <public-xg-webid@w3.org>
Here is a very interesting talk given at the 28c3 in Berlin today on how to analyse protocols for insecurity, using language complexity and the turing halting problem as a basic measure to delimit what cannot be resolved.

   http://www.youtube.com/watch?v=3kEfedtQVOY

So it would be an interesting work to look at the components we are using to see how these fit into this.

So we could look at the serialisations we are using
 
  - RDF/XML 
  - Turtle
  - NTriples (ok, this one is clearly parseable with regexps)
  - RDFa

Then to look at the underlying protocols:

  - TLS and X509
  - HTTP

From what I understand it looks like there are a couple of issues with X509 ASN.1 encodings I think due to the way numbers are encoded there. And HTTP has the Content-Length field. 
  
  Henry

Social Web Architect
http://bblfish.net/
Received on Thursday, 29 December 2011 15:00:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 29 December 2011 15:00:49 GMT