Hi -

> From: "Steven M. Bellovin" <smb at cs.columbia.edu>
> To: "Randy Presuhn" <randy_presuhn at mindspring.com>
> Cc: <ietf at ietf.org>
> Sent: Monday, June 05, 2006 4:09 PM
> Subject: Re: Best practice for data encoding?
...
> > I'm curious, too, about the claim that this has resulted in security
> > problems. Could someone elaborate?
> >
> See http://www.cert.org/advisories/CA-2002-03.html
...

I remember that exercise. I don't see it as convincing evidence that
the use of ASN.1 was the cause of the problems some implementations had;
I doubt that someone who had buffer overflow problems when processing
a BER-encoded octet string (where the length is explicitly encoded)
would have had any better results with XML or any other representation.

Randy

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
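
Added example (not part of the original message, and not code from any implementation discussed in the thread): a C decoder for a single BER OCTET STRING that treats the explicitly encoded length as untrusted and checks it against both the bytes actually received and the destination size before copying. The function name, error codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { BER_OK = 0, BER_TRUNCATED = -1, BER_BAD_TAG = -2,
       BER_BAD_LENGTH = -3, BER_TOO_BIG = -4 };

/* Decode one primitive OCTET STRING (tag 0x04) from buf[0..buflen).
 * The declared length is attacker-controlled input: it is validated
 * against the remaining input and against outcap before any copy. */
int ber_read_octet_string(const uint8_t *buf, size_t buflen,
                          uint8_t *out, size_t outcap, size_t *outlen)
{
    size_t pos = 0, len = 0;

    if (buflen < 2) return BER_TRUNCATED;
    if (buf[pos++] != 0x04) return BER_BAD_TAG;

    uint8_t first = buf[pos++];
    if (first < 0x80) {              /* short form: length in low 7 bits */
        len = first;
    } else {
        size_t n = first & 0x7f;     /* long form: n length octets follow */
        /* n == 0 is the indefinite form; n > sizeof(size_t) would wrap len */
        if (n == 0 || n > sizeof(size_t)) return BER_BAD_LENGTH;
        if (n > buflen - pos) return BER_TRUNCATED;
        while (n--) len = (len << 8) | buf[pos++];
    }

    if (len > buflen - pos) return BER_TRUNCATED; /* claims more than was sent */
    if (len > outcap) return BER_TOO_BIG;         /* would overflow out[] */

    memcpy(out, buf + pos, len);
    *outlen = len;
    return BER_OK;
}

int main(void)
{
    /* Constructed sample: header declares 256 content bytes, carries one. */
    const uint8_t lying[] = { 0x04, 0x82, 0x01, 0x00, 'x' };
    uint8_t out[16];
    size_t n = 0;
    int rc = ber_read_octet_string(lying, sizeof lying, out, sizeof out, &n);
    printf("rc=%d\n", rc);           /* rejected before memcpy is reached */
    return rc == BER_TRUNCATED ? 0 : 1;
}
```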