[
Lists Home |
Date Index |
Thread Index
]
On Friday 03 October 2003 11:48, Bullard, Claude L (Len) wrote:
> Ok. What precisely about ASN.1 poses security
> problems beyond the implementation? I'm surprised
> to hear that. ASN.1 has been around for a long
> time.
I am not making a remark about problems beyond the implementation.
I am only pointing out that the implementation itself has proved
problematic, even in a coding culture that is highly attuned to
security issues.
If we dismiss this data point as the result of 'sloppy
programming', then who among us is not 'sloppy'? Do we think web
services hackers are typically more competent than the OpenSSL
hackers?
Tyler
>
> len
>
> -----Original Message-----
> From: Tyler Close [mailto:tyler@waterken.com]
>
> On Friday 03 October 2003 10:32, Bullard, Claude L (Len) wrote:
> > The first step will be to learn to dampen
> > Spy Vs Spy arguments with regards to who
> > has the safest system in situations where
> > it is the coding culture that is at issue.
>
> The point of the original post is that ASN.1 posed problems even
> in a coding culture that is, and has been, highly attuned to
> security issues.
>
> Dismissing this data point as merely the results of sloppy
> programming seems dubious. There are likely greater lessons to be
> learned here.
>
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
>
> The list archives are at http://lists.xml.org/archives/xml-dev/
>
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://lists.xml.org/ob/adm.pl>
|