[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: Fwd: [e-lang] Protocol implementation errors
Tyler Close wrote, > On Friday 03 October 2003 15:06, Rich Salz wrote: > > In every case so far, it's been untested code paths. As others > > have said, that's not ASN1/[BDPX]ER's fault. > > What if the design of ASN1/[BDPX]ER yields many more code paths > than other designs? Is that a design flaw? Arguably it might be if that were the case. Is it tho'? Can you show that the design of ASN1/[BDPX]ER is such that all plausible implementations must have "many" more code paths than a plausible implementation of a validating XML parser (or XML+WXS, or XML+RNG, or XML+RNG+XSD)? I'd be happy to be corrected, but _intutively_ I find that somewhat implausible. Personally, based on a mild acquaintance with with the OpenSSL source, I think the bulk of the responsibility for the recent and not so recent OpenSSL flaws lies neither with the design of ASN1/[BDPX]ER, nor with sloppy coders, but with a large and by now somewhat crufty legacy codebase. Cheers, Miles
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|