Lists Home |
Date Index |
Tyler Close wrote,
> On Friday 03 October 2003 15:49, Miles Sabin wrote:
> > Arguably it might be if that were the case. Is it tho'? Can you
> > show that the design of ASN1/[BDPX]ER is such that all plausible
> > implementations must have "many" more code paths than a plausible
> > implementation of a validating XML parser (or XML+WXS, or XML+RNG,
> > or XML+RNG+XSD)?
> That's not my job. I'm not the one proposing a change in
> implementation tools, the ASN.1 advocates are.
Depends how you look at it. ASN.1 has a long and relatively successful
history of use directly in network protocol elements. XML has a (not
quite so long) history as passive protocol _payload_, but it's use
directly in network protocol elements is comparatively novel with
XML-RPC or SOAP/WSDL/WS-CHOR or XMPP.
So who's proposing the change? Maybe the burden of proof lies with
> > Personally, based on a mild acquaintance with with the OpenSSL
> > source, I think the bulk of the responsibility for the recent and
> > not so recent OpenSSL flaws lies neither with the design of
> > ASN1/[BDPX]ER, nor with sloppy coders, but with a large and by now
> > somewhat crufty legacy codebase.
> Everybody gets crufty eventually. The design must cope with that.
Now you're just being silly.