OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Fwd: [e-lang] Protocol implementation errors

[ Lists Home | Date Index | Thread Index ]

Tyler Close wrote,
> On Friday 03 October 2003 15:49, Miles Sabin wrote:
> > Arguably it might be if that were the case. Is it tho'? Can you
> > show that the design of ASN1/[BDPX]ER is such that all plausible
> > implementations must have "many" more code paths than a plausible
> > implementation of a validating XML parser (or XML+WXS, or XML+RNG,
> > or XML+RNG+XSD)?
> That's not my job. I'm not the one proposing a change in
> implementation tools, the ASN.1 advocates are.

Depends how you look at it. ASN.1 has a long and relatively successful 
history of use directly in network protocol elements. XML has a (not 
quite so long) history as passive protocol _payload_, but it's use 
directly in network protocol elements is comparatively novel with 

So who's proposing the change? Maybe the burden of proof lies with 
ASN.1's detractors?

> > Personally, based on a mild acquaintance with with the OpenSSL
> > source, I think the bulk of the responsibility for the recent and
> > not so recent OpenSSL flaws lies neither with the design of
> > ASN1/[BDPX]ER, nor with sloppy coders, but with a large and by now
> > somewhat crufty legacy codebase.
> Everybody gets crufty eventually. The design must cope with that.

Now you're just being silly.




News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS