W3C home > Mailing lists > Public > public-xg-webid@w3.org > December 2011

Re: The Science of Insecurity

From: Henry Story <henry.story@bblfish.net>
Date: Thu, 29 Dec 2011 16:48:41 +0100
Message-Id: <5925DDB2-B0BB-4D92-8867-4306045F1EFD@bblfish.net>
To: WebID XG <public-xg-webid@w3.org>

On 29 Dec 2011, at 16:00, Henry Story wrote:

> Here is a very interesting talk given at the 28c3 in Berlin today on how to analyse protocols for insecurity, using language complexity and the turing halting problem as a basic measure to delimit what cannot be resolved.
>   http://www.youtube.com/watch?v=3kEfedtQVOY
> So it would be an interesting work to look at the components we are using to see how these fit into this.

The speaker in the Q&A session mentions the project that showed recently that HTML5 + css3 leads to a turing complete state machine - and this without javascript! I think this is the project


Now luckily we don't require the use of css in html5 when parsing the metadata that is contained therein. But if javascript tools executing inside the html5 were to start parsing then they would certainly have this problem.

> So we could look at the serialisations we are using
>  - RDF/XML 
>  - Turtle
>  - NTriples (ok, this one is clearly parseable with regexps)
>  - RDFa
> Then to look at the underlying protocols:
>  - TLS and X509
>  - HTTP
> From what I understand it looks like there are a couple of issues with X509 ASN.1 encodings I think due to the way numbers are encoded there. And HTTP has the Content-Length field. 

>  Henry
> Social Web Architect
> http://bblfish.net/

Social Web Architect
Received on Thursday, 29 December 2011 15:49:13 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:50 UTC