Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Fwd: [e-lang] Protocol implementation errors
![Re: Fwd: [e-lang] Protocol implementation errors](/images/get_stylus.gif) > I am asking if, > as in the billion laughs problems with XML, there are > features of ASN.1 guaranteed to cause security problems. ASN.1, itself, is just a data declaration language, like an IDL. More probably, you have to look at the specific encoding rules to see the wire format (serialization) to see if that's architecturally broken. ASN1 is like the infoset, and DER, BER, PER, XER (encoding rules) are like XML 1.0. BER can be useful for optimizing in homogeneous environments (e.g., it lets you pick the byte-order for integers). In the security environment (PKI, certs, etc), you use DER because there's only one way to encode and you need that for hashing; PER we just heard about, it's compact; XER is writing ASN.1 as XML. /r$ -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html 
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
