Rich Salz wrote,
> Tyler Close wrote,
> > A list of legacy apps that use ASN.1, and haven't experienced the
> > same problems as OpenSSL and SNMP, would do fine. Surely someone
> > must have safely implemented it.
> The international phone system.
That's a good answer to a different question.
Tyler originally asked for examples of applications which "have not had
long-lived bugs in their ASN.1 code", which I can only make sense of as
a request for examples of applications without long-lived
_undiscovered_ bugs in their ASN.1 code (otherwise OpenSSL would
qualify, since its bugs have been fixed pretty quickly once
But that's an impossible request, short of a formal proof of correctness
of those ASN.1 _implementations_ and, since such proofs are likely to
be too complex to be done manually, proofs of the correctness of the
model-checking software that's used to produce them (then iterate ad
nauseam). I'd be interested to hear of _any_ non-trivial piece of
software which comes with this kind of guarantee.