
Re: Pretty clear ... SIP

2003-08-23 21:40:13
Hi -

From: "Karl Auerbach" <karl(_at_)cavebear(_dot_)com>
To: "IETF" <ietf(_at_)ietf(_dot_)org>
Sent: Saturday, August 23, 2003 7:03 PM
Subject: Re: Pretty clear ... SIP


On Sat, 23 Aug 2003, Dean Anderson wrote:

H.323 and ASN.1 eventually surpass ...

Ummm, based on my own direct experience with ASN.1 since the mid 1980's
(X.400, SNMP, CMIP...), I disagree.

It has been my experience that ASN.1, no matter which encoding rules are
used, has proven to be a failure and lingering interoperability and
denial-of-service disaster.

For example, the flaws in ASN.1 parsers in SNMP engines have proven to be
a decades+ old vulnerability for the net.
...

In fairness,
    1) SNMP's (ab)use of ASN.1 pretty much precludes the use of ASN.1 compiler
       technology.  All the implementations I know of used hand-coded encoders and
       decoders.  The vulnerabilities aren't a result of ASN.1, but rather of trusting
       humans to do a compiler's job.
    2) Dean was specifically writing about PER, which can be *much* more compact
       than BER would ever hope to be.  PER can potentially result in a more compact
       encoding than applying compression to a single packet.  Look at the spec to see
       why.

Randy
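
The message above attributes the SNMP parser flaws to hand-coded BER decoders. As an added illustration (not part of the original message and not taken from any SNMP implementation), this is the header validation a hand-written BER decoder has to get right before touching the value bytes. All names are hypothetical, and only the low-tag-number, definite-length forms are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for ber_read_header (hypothetical names for this example). */
enum { BER_OK = 0, BER_TRUNCATED = -1, BER_UNSUPPORTED = -2, BER_OVERRUN = -3 };

struct ber_tlv {
    uint8_t tag;            /* identifier octet (low-tag-number form only) */
    size_t len;             /* declared content length in octets */
    const uint8_t *value;   /* points into the caller's buffer */
};

/* Parse one BER identifier + length header from buf[0..n) and verify that
 * the declared content fits in the bytes actually received. */
int ber_read_header(const uint8_t *buf, size_t n, struct ber_tlv *out)
{
    size_t pos = 0, len = 0;

    if (n < 2) return BER_TRUNCATED;
    out->tag = buf[pos++];
    if ((out->tag & 0x1f) == 0x1f) return BER_UNSUPPORTED;   /* high-tag-number form */
    uint8_t first = buf[pos++];
    if (first < 0x80) {
        len = first;                                  /* short form */
    } else {
        size_t nlen = first & 0x7f;                   /* long form: number of length octets */
        if (nlen == 0) return BER_UNSUPPORTED;        /* indefinite length */
        if (nlen > sizeof(size_t)) return BER_UNSUPPORTED;  /* would overflow len */
        if (nlen > n - pos) return BER_TRUNCATED;     /* length octets missing */
        while (nlen--) len = (len << 8) | buf[pos++];
    }
    /* Compare the attacker-controlled declared length against what is
     * really left in the packet before exposing any value pointer. */
    if (len > n - pos) return BER_OVERRUN;
    out->len = len;
    out->value = buf + pos;
    return BER_OK;
}

int main(void)
{
    /* Constructed sample: OCTET STRING declaring 256 bytes but carrying 1. */
    const uint8_t pkt[] = { 0x04, 0x82, 0x01, 0x00, 'a' };
    struct ber_tlv t;
    printf("%d\n", ber_read_header(pkt, sizeof pkt, &t));
    return 0;
}
```
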




