On 3/28/14 at 11:47 AM, [email protected] (Erwann Abalea) wrote:

> I don't see the problem with ASN.1.

IMHO, the problem with ASN.1 is that it is too complex. There exists a history of attacks on computer security by sending malformed ASN.1 irritating bugs in ASN.1 encoders. In addition, the ability to specify "infinite" length data has caused buffer overruns.

ASN.1 fans may say that these bugs have all been fixed, and they may be right if no new ASN.1 interpreters are written.

However, complexity is always a bad thing in a security protocol. Make it only as complex as necessary, and no more complex.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        |"We used to quip that "password" is the most common
408-356-8506 | password. Now it's 'password1.' Who said users haven't
www.pwpconsult.com | learned anything about security?" -- Bruce Schneier

_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
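
The failure mode raised in the message above (malformed encodings and indefinite lengths leading to overruns), shown from the parser's side as an added example that is not part of the original post: a strict DER tag/length reader that rejects indefinite and non-minimal lengths and never reports a body larger than the bytes actually received. The function name `der_read_header` and the `DER_*` result codes are hypothetical, and multi-byte tag numbers are deliberately rejected to keep the case narrow.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Result codes for the hypothetical der_read_header() below. */
enum { DER_OK = 0, DER_TRUNCATED = -1, DER_INDEFINITE = -2,
       DER_NON_MINIMAL = -3, DER_TOO_LONG = -4, DER_HIGH_TAG = -5 };
/* Parse one DER tag/length header from buf[0..avail). On DER_OK,
 * *hdr_len + *body_len <= avail, so the caller can never read past buf. */
int der_read_header(const uint8_t *buf, size_t avail,
                    size_t *hdr_len, size_t *body_len)
{
    if (avail < 2)
        return DER_TRUNCATED;
    if ((buf[0] & 0x1f) == 0x1f)   /* multi-byte tag numbers: out of scope here */
        return DER_HIGH_TAG;
    uint8_t first = buf[1];
    size_t pos = 2, len = 0;
    if (first == 0x80)             /* BER indefinite length: forbidden in DER */
        return DER_INDEFINITE;
    if (first < 0x80) {            /* short form */
        len = first;
    } else {
        size_t n = first & 0x7f;   /* number of length octets that follow */
        if (n > sizeof(size_t))
            return DER_TOO_LONG;
        if (n > avail - pos)
            return DER_TRUNCATED;
        if (buf[pos] == 0)         /* leading zero octet: not minimal */
            return DER_NON_MINIMAL;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | buf[pos++];
        if (len < 0x80)            /* short form was required */
            return DER_NON_MINIMAL;
    }
    if (len > avail - pos)         /* written to avoid pos + len overflow */
        return DER_TRUNCATED;
    *hdr_len = pos;
    *body_len = len;
    return DER_OK;
}

int main(void)
{
    /* Constructed sample: SEQUENCE with an indefinite length (valid BER, invalid DER). */
    const uint8_t sample[] = { 0x30, 0x80, 0x02, 0x01, 0x05, 0x00, 0x00 };
    size_t h = 0, b = 0;
    printf("result: %d\n", der_read_header(sample, sizeof sample, &h, &b));
    return 0;
}
```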
