Hi - > From: "Steven M. Bellovin" <[EMAIL PROTECTED]> > To: "Randy Presuhn" <[EMAIL PROTECTED]> > Cc: <[email protected]> > Sent: Monday, June 05, 2006 4:09 PM > Subject: Re: Best practice for data encoding? ... > > I'm curious, too, about the claim that this has resulted in security > > problems. Could someone elaborate? > > > See http://www.cert.org/advisories/CA-2002-03.html ...
I remember that exercise. I don't see it as convincing evidence that the use of ASN.1 was the cause of the problems some implementations had; I doubt that someone who had buffer overflow problems when processing a BER-encoded octet string (where the length is explicitly encoded) would have had any better results with XML or any other representation. Randy _______________________________________________ Ietf mailing list [email protected] https://www1.ietf.org/mailman/listinfo/ietf
