[
Lists Home |
Date Index |
Thread Index
]
- To: Tyler Close <tyler@waterken.com>
- Subject: Re: [xml-dev] Fwd: [e-lang] Protocol implementation errors
- From: Rich Salz <rsalz@datapower.com>
- Date: Fri, 03 Oct 2003 15:06:34 -0400
- Cc: xml-dev@lists.xml.org
- In-reply-to: <E1A5UmM-0002vn-00@canteen> tests=EMAIL_ATTRIBUTION,FWD_MSG,IN_REP_TO,QUOTED_EMAIL_TEXT, REFERENCES,REPLY_WITH_QUOTES version=2.55
- References: <15725CF6AFE2F34DB8A5B4770B7334EE03F9ED55@hq1.pcmail.ingr.com> <E1A5Tr8-0002uw-00@canteen> <3F7DBBB8.9080802@datapower.com> <E1A5UmM-0002vn-00@canteen> tests=EMAIL_ATTRIBUTION,FWD_MSG,IN_REP_TO,QUOTED_EMAIL_TEXT, REFERENCES,REPLY_WITH_QUOTES version=2.55
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030507
> Are you saying it doesn't make sense to ask why ASN.1 has been
> vulnerable to long-lived bugs? We are not talking about just one
> bug in just one implementation.
In every case so far, it's been untested code paths. As others have
said, that's not ASN1/[BDPX]ER's fault.
> Using a technology without studying its past failures is not good
> engineering practice.
Thanks for the lesson.
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
|
