Hi -
From: "Karl Auerbach" <karl(_at_)cavebear(_dot_)com>
To: "IETF" <ietf(_at_)ietf(_dot_)org>
Sent: Saturday, August 23, 2003 7:03 PM
Subject: Re: Pretty clear ... SIP
On Sat, 23 Aug 2003, Dean Anderson wrote:
H.323 and ASN.1 eventually surpass ...
Ummm, based on my own direct experience with ASN.1 since the mid 1980's
(X.400, SNMP, CMIP...), I disagree.
It has been my experience that ASN.1, no matter which encoding rules are
used, has proven to be a failure and lingering interoperability and
denial-of-service disaster.
For example, the flaws in ASN.1 parsers in SNMP engines have proven to be
a decades+ old vulnerability for the net.
...
In fairness,
1) SNMP's (ab)use of ASN.1 pretty much precludes the use of ASN.1 compiler
technology. All the implementations I know of used hand-coded
encoders and
decoders. The vulnerabilities aren't a result of ASN.1, but rather of
trusting
humans to do a compiler's job.
2) Dean was specifically writing about PER, which can be *much* more compact
than BER would ever hope to be. PER can potentially result in a more
compact
encoding than applying compression to a single packet. Look at the
spec to see
why.
Randy