[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Re: Fwd: [e-lang] Protocol implementation errors

• To: Tyler Close <tyler@w...>
• Subject: Re: Fwd: [e-lang] Protocol implementation errors
• From: Frank <frank@t...>
• Date: 03 Oct 2003 12:50:18 -0400
• Cc: xml-dev@l...
• In-reply-to: <E1A5SFH-0002te-00@canteen>
• Organization:
• References: <15725CF6AFE2F34DB8A5B4770B7334EE03F9ED50@h...> <E1A5SFH-0002te-00@canteen>

On Fri, 2003-10-03 at 11:53, Tyler Close wrote:

> If we dismiss this data point as the result of 'sloppy
> programming', then who among us is not 'sloppy'? Do we think web
> services hackers are typically more competent than the OpenSSL
> hackers?
> 
> Tyler

First, I'm totally ASN clueless. 

However, following this thread, and remembering Tim Bray's longstanding
complaints about the quality of the ASN.1 data he sees, and the
functionality of the tools he can find to process it, my feeling would
be to take a look at ASN.1 itself. And not particularly look for
security problems, but difficulty of implementation, and possibly of
understanding.

If a spec is hard to implement, surely it's hard to implement securely.
Certainly that applies if it's hard to understand.

If it is hard to implement, what is gained by the tradeoff?

Frank Richards

• Follow-Ups:
  • Re: Fwd: [e-lang] Protocol implementation errors
    • From: "Simon St.Laurent" <simonstl@s...>

• References:
  • RE: Fwd: [e-lang] Protocol implementation errors
    • From: "Bullard, Claude L (Len)" <clbullar@i...>
  • Re: Fwd: [e-lang] Protocol implementation errors
    • From: Tyler Close <tyler@w...>

• Prev by Date: RE: Fwd: [e-lang] Protocol implementation errors
• Next by Date: Re: Fwd: [e-lang] Protocol implementation errors
• Previous by thread: Re: Fwd: [e-lang] Protocol implementation errors
• Next by thread: Re: Fwd: [e-lang] Protocol implementation errors
• Index(es):
  • Date
  • Thread