OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: [xml-dev] Fwd: [e-lang] Protocol implementation errors

[ Lists Home | Date Index | Thread Index ]

Tyler Close wrote,
> On Friday 03 October 2003 15:06, Rich Salz wrote:
> > In every case so far, it's been untested code paths.  As others
> > have said, that's not ASN1/[BDPX]ER's fault.
>
> What if the design of ASN1/[BDPX]ER yields many more code paths
> than other designs? Is that a design flaw?

Arguably it might be if that were the case. Is it tho'? Can you show 
that the design of ASN1/[BDPX]ER is such that all plausible 
implementations must have "many" more code paths than a plausible 
implementation of a validating XML parser (or XML+WXS, or XML+RNG, or 
XML+RNG+XSD)? I'd be happy to be corrected, but _intutively_ I find 
that somewhat implausible.

Personally, based on a mild acquaintance with with the OpenSSL source, I 
think the bulk of the responsibility for the recent and not so recent 
OpenSSL flaws lies neither with the design of ASN1/[BDPX]ER, nor with 
sloppy coders, but with a large and by now somewhat crufty legacy 
codebase.

Cheers,


Miles




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS