|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Fwd: [e-lang] Protocol implementation errors
On Fri, 2003-10-03 at 11:53, Tyler Close wrote: > If we dismiss this data point as the result of 'sloppy > programming', then who among us is not 'sloppy'? Do we think web > services hackers are typically more competent than the OpenSSL > hackers? > > Tyler First, I'm totally ASN clueless. However, following this thread, and remembering Tim Bray's longstanding complaints about the quality of the ASN.1 data he sees, and the functionality of the tools he can find to process it, my feeling would be to take a look at ASN.1 itself. And not particularly look for security problems, but difficulty of implementation, and possibly of understanding. If a spec is hard to implement, surely it's hard to implement securely. Certainly that applies if it's hard to understand. If it is hard to implement, what is gained by the tradeoff? Frank Richards
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||

Cart


![Re: Fwd: [e-lang] Protocol implementation errors](/images/get_stylus.gif)





