OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   RE: [xml-dev] Fwd: [e-lang] Protocol implementation errors

[ Lists Home | Date Index | Thread Index ]



Bullard, Claude L (Len) wrote:
> 
> Ok.  What precisely about ASN.1 poses security 
> problems beyond the implementation?  I'm surprised 
> to hear that.  ASN.1 has been around for a long 
> time.


Besides, ASN.1 and its encoding rules have been under close scrutiny during
the last 18 months or so, because of allegations that the standards
themselves might have flaws that could result in security vulnerabilities.  

Nothing has come out.  The standards are fine.

Alessandro


> 
> len
> 
> -----Original Message-----
> From: Tyler Close [mailto:tyler@waterken.com]
> 
> On Friday 03 October 2003 10:32, Bullard, Claude L (Len) wrote:
> > The first step will be to learn to dampen
> > Spy Vs Spy arguments with regards to who
> > has the safest system in situations where
> > it is the coding culture that is at issue.
> 
> The point of the original post is that ASN.1 posed problems 
> even in a coding culture that is, and has been, highly 
> attuned to security issues.
> 
> Dismissing this data point as merely the results of sloppy 
> programming seems dubious. There are likely greater lessons 
> to be learned here.
> 
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org 
> <http://www.xml.org>, an initiative of OASIS 
<http://www.oasis-open.org>

The list archives are at http://lists.xml.org/archives/xml-dev/

To subscribe or unsubscribe from this list use the subscription
manager: <http://lists.xml.org/ob/adm.pl>






 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS