On Mon, 5 Jun 2006 16:06:28 -0700, "Randy Presuhn"
<randy_presuhn(_at_)mindspring(_dot_)com> wrote:
Hi -
From: "Iljitsch van Beijnum" <iljitsch(_at_)muada(_dot_)com>
To: "IETF Discussion" <ietf(_at_)ietf(_dot_)org>
Sent: Monday, June 05, 2006 2:43 PM
Subject: Best practice for data encoding?
...
Then there is the ASN.1 route, but as we can see with
SNMP, this also requires lots of code and is very (security) bug
prone.
...
Having worked on SNMP toolkits for a long time, I'd have to
strenuously disagree. In my experience, the ASN.1/BER-related
code is a rather small portion of an SNMP protocol engine.
The code related to the SNMP protocol's quirks, such as Get-Next/Bulk
processing and the mangling of index values into object identifiers
(which is far removed from how ASN.1 intended object identifiers
to be used) require much more code and complexity.
Yah -- measure first, then optimize.
I'm curious, too, about the claim that this has resulted in security
problems. Could someone elaborate?
See http://www.cert.org/advisories/CA-2002-03.html
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf