OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Fwd: [e-lang] Protocol implementation errors

[ Lists Home | Date Index | Thread Index ]

On Fri, 2003-10-03 at 11:53, Tyler Close wrote:

> If we dismiss this data point as the result of 'sloppy
> programming', then who among us is not 'sloppy'? Do we think web
> services hackers are typically more competent than the OpenSSL
> hackers?
> Tyler

First, I'm totally ASN clueless. 

However, following this thread, and remembering Tim Bray's longstanding
complaints about the quality of the ASN.1 data he sees, and the
functionality of the tools he can find to process it, my feeling would
be to take a look at ASN.1 itself. And not particularly look for
security problems, but difficulty of implementation, and possibly of

If a spec is hard to implement, surely it's hard to implement securely.
Certainly that applies if it's hard to understand.

If it is hard to implement, what is gained by the tradeoff?

Frank Richards


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS