[
Lists Home |
Date Index |
Thread Index
]
On Saturday 04 October 2003 02:52, Miles Sabin wrote:
> Rich Salz wrote,
>
> > Tyler Close wrote,
> >
> > > A list of legacy apps that use ASN.1, and haven't experienced the
> > > same problems as OpenSSL and SNMP, would do fine. Surely someone
> > > must have safely implemented it.
> >
> > The international phone system.
Interesting. Can you be more specific?
> That's a good answer to a different question.
No, it's close to the answer I was looking for.
> Tyler originally asked for examples of applications which "have not had
> long-lived bugs in their ASN.1 code", which I can only make sense of as
> a request for examples of applications without long-lived
> _undiscovered_ bugs in their ASN.1 code (otherwise OpenSSL would
> qualify, since it's bugs have been fixed pretty quickly once
> discovered).
>
> But that's an impossible request, short of a formal proof of correctness
> of those ASN.1 _implementations_ and, since such proofs are likely to
> be too complex to be done manually, proofs of the correctness of the
> model-checking software that's used to produce them (then iterate ad
> nauseam). I'd be interested to hear of _any_ non-trivial piece of
> software which comes with this kind of guarantee.
On Friday 03 October 2003 16:22, Miles Sabin wrote:
> Now you're just being silly.
Right back at you.
Tyler
|
