[14519] in cryptography@c2.net mail archive
Re: [e-lang] Re: Protocol implementation errors
daemon@ATHENA.MIT.EDU (Jeroen C.van Gelderen)
Mon Oct 6 11:39:34 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 6 Oct 2003 10:29:46 -0400
Cc: cryptography@metzdowd.com, frantz@pwpconsult.com
To: e-lang@mail.eros-os.org
From: Jeroen C.van Gelderen <jeroen@vangelderen.org>
In-Reply-To: <1065366239.31443.15.camel@deskjob.eros-os.org>
On Sunday, Oct 5, 2003, at 11:03 US/Eastern, Jonathan S. Shapiro wrote:
> Peter:
>
> I agree that ASN.1 is statically checkable, and that this is an
> important property.
>
> However, ASN.1 is notoriously hard to parse, which leads to errors.
I take it you a saying that ASN.1 syntax is hard to parse? Having
written two parsers (C & Java) I can say that ASN.1's DER encoding is
in fact straightforward to parse correctly, provided that you don't
underestimate the task *and* you create and use an 'exhaustive' test
suite.
The problems with ASN.1 seem to stem more from its ISO heritage and
dense specifications. That and the fact that a low-level bit-packing
library isn't as glamorous as writing crypto and thus doesn't get as
much scrutiny as other parts of protocol libraries.
-J
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
