It may also be a period issue. As has been
noted by some in the Managing Innovation thread
here and in articles published recently on
security, sloppy code is a common problem
in all systems with regard to security,
and this emphasis on security is a
recent phenomenon with regard to widespread
awareness. XML is a reworking of SGML on
the Web and the Web itself is the primary
source of the massive outbreak of security
problems in recent years. Its culture and
its ubiquity have contributed. Now that same
culture must use that ubiquity to raise
awareness of the problems and the solutions,
and the members of it must learn to collaborate
to innovate new solutions. XML has the advantage
over ASN.1 that its tools were created as that
awareness was emerging because the environment
to which it is targeted nurtured the problem.
The first step will be to learn to dampen
Spy Vs Spy arguments with regard to who
has the safest system in situations where
it is the coding culture that is at issue.
len
-----Original Message-----
From: Tim Bray [mailto:tbray@textuality.com]
Alessandro Triglia wrote:
> Decoding ASN.1 BER/DER is not particularly difficult. The procedure is
> specified in pages 10-37 of X.690 (*), which has been around for two
> decades. If there are buggy implementations out there, they are not due to
> the alleged complexity of ASN.1, but to careless programming and superficial
> testing.
Empirically, though, when I have been faced with actual BER data,
*ER-reading tools have been hard to find and of generally lousy quality.
This is not the case with XML tools. Assuming you are correct about
the difficulty, I assume this is a result of cultural and market rather
than technical issues. -Tim