OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   RE: [xml-dev] Fwd: [e-lang] Protocol implementation errors

[ Lists Home | Date Index | Thread Index ]

It may also be a period issue.  As has been 
noted by some in the Managing Innovation thread 
here and in articles published recently on 
security, sloppy code is a common problem 
in all systems with regards to security, 
and that this emphasis on security is a 
recent phenomenon with regards to widespread 
awareness.  XML is a reworking of SGML on 
the Web and the Web itself is the primary 
source of the massive outbreak of security 
problems in recent years.  Its culture and 
its ubiquity have contributed.  Now that same 
culture must use that ubiquity to raise 
awareness of the problems and the solutions, 
and the members of it must learn to collaborate 
to innovate new solutions.  XML has the advantage 
over ASN.1 that its tools were created as that 
awareness was emerging because the environment 
to which it is targeted nurtured the problem.

The first step will be to learn to dampen 
Spy Vs Spy arguments with regards to who 
has the safest system in situations where 
it is the coding culture that is at issue.


-----Original Message-----
From: Tim Bray [mailto:tbray@textuality.com]

Alessandro Triglia wrote:

> Decoding ASN.1 BER/DER is not particularly difficult.  The procedure is
> specified in pages 10-37 of X.690 (*), which has been around for two
> decades.  If there are buggy implementations out there, they are not due
> the alleged complexity of ASN.1, but to careless programming and
> testing.

Empirically, though, when I have been faced with actual BER data, 
*ER-reading tools have been hard to find and of generally lousy quality. 
  This is not the case with XML tools.  Assuming you are correct about 
the difficulty, I assume this is a result of cultural and market rather 
than technical issues. -Tim


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS