On Mon, 5 Jun 2006, Steven M. Bellovin wrote:
On Mon, 5 Jun 2006 16:06:28 -0700, "Randy Presuhn"
<randy_presuhn(_at_)mindspring(_dot_)com> wrote:
I'm curious, too, about the claim that this has resulted in security
problems. Could someone elaborate?
See http://www.cert.org/advisories/CA-2002-03.html
ASN.1 implementation bugs have also caused security problems for SSL,
Kerberos, ISAKMP, and probably others. These bugs are also not due to
shared code history: they turn up again and again.
Are there any other binary protocols that can be usefully compared with
ASN.1's security history?
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
THE MULL OF GALLOWAY TO MULL OF KINTYRE INCLUDING THE FIRTH OF CLYDE AND THE
NORTH CHANNEL: VARIABLE 2 OR 3 WITH AFTERNOON ONSHORE SEA BREEZES. FAIR
VISIBILITY: MODERATE OR GOOD WITH MIST OR FOG PATCHES SEA STATE: SMOOTH OR
SLIGHT.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf