From: "Steven M. Bellovin" <smb(_at_)cs(_dot_)columbia(_dot_)edu>
To: "Randy Presuhn" <randy_presuhn(_at_)mindspring(_dot_)com>
Sent: Monday, June 05, 2006 4:09 PM
Subject: Re: Best practice for data encoding?

I'm curious, too, about the claim that this has resulted in security
problems. Could someone elaborate?

I remember that exercise. I don't see it as convincing evidence that
the use of ASN.1 was the cause of the problems some implementations
had; I doubt that someone who had buffer overflow problems when
processing a BER-encoded octet string (where the length is explicitly
encoded) would have had any better results with XML or any other
Ietf mailing list
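
An added example, not part of the original thread or of any implementation it discusses: a C decoder for a primitive BER OCTET STRING that checks the explicitly encoded length against both the bytes actually received and the destination buffer, the checks whose absence leads to the kind of overflow mentioned above. The function name, error codes and sample encodings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { BER_OK = 0, BER_TRUNCATED = -1, BER_BAD_TAG = -2,
       BER_BAD_LENGTH = -3, BER_TOO_BIG = -4 };

/* Decode one primitive BER OCTET STRING (tag 0x04) from in[0..in_len)
 * into out[0..out_cap). On success the content length is stored in *out_len. */
int ber_get_octet_string(const uint8_t *in, size_t in_len,
                         uint8_t *out, size_t out_cap, size_t *out_len)
{
    size_t pos = 0, len;

    if (in_len < 2) return BER_TRUNCATED;       /* need tag + first length octet */
    if (in[pos++] != 0x04) return BER_BAD_TAG;

    uint8_t first = in[pos++];
    if (first < 0x80) {
        len = first;                            /* short form: 0..127 */
    } else {
        size_t n = first & 0x7f;                /* long form: n length octets follow */
        /* n == 0 is the indefinite form, not allowed for a primitive value */
        if (n == 0 || n > sizeof(size_t)) return BER_BAD_LENGTH;
        if (n > in_len - pos) return BER_TRUNCATED;
        len = 0;
        while (n--) len = (len << 8) | in[pos++];
    }

    /* The encoded length is chosen by the sender: compare it with the
     * bytes actually present and with the destination capacity. */
    if (len > in_len - pos) return BER_TRUNCATED;
    if (len > out_cap) return BER_TOO_BIG;

    memcpy(out, in + pos, len);
    *out_len = len;
    return BER_OK;
}

/* Constructed sample encodings (not taken from the thread). */
static const uint8_t ok_msg[]    = { 0x04, 0x03, 'a', 'b', 'c' };
static const uint8_t short_msg[] = { 0x04, 0x82, 0x01, 0x00, 'a', 'b' }; /* claims 256, carries 2 */

int main(void)
{
    uint8_t buf[4]; size_t n = 0;
    printf("%d\n", ber_get_octet_string(ok_msg, sizeof ok_msg, buf, sizeof buf, &n));
    printf("%d\n", ber_get_octet_string(short_msg, sizeof short_msg, buf, sizeof buf, &n));
    return 0;
}
```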