[e-lang] Re: Protocol implementation errors
Jeroen C.van Gelderen
jeroen at vangelderen.org
Mon Oct 6 10:29:46 EDT 2003
On Sunday, Oct 5, 2003, at 11:03 US/Eastern, Jonathan S. Shapiro wrote:
> Peter:
>
> I agree that ASN.1 is statically checkable, and that this is an
> important property.
>
> However, ASN.1 is notoriously hard to parse, which leads to errors.
I take it you a saying that ASN.1 syntax is hard to parse? Having
written two parsers (C & Java) I can say that ASN.1's DER encoding is
in fact straightforward to parse correctly, provided that you don't
underestimate the task *and* you create and use an 'exhaustive' test
suite.
The problems with ASN.1 seem to stem more from its ISO heritage and
dense specifications. That and the fact that a low-level bit-packing
library isn't as glamorous as writing crypto and thus doesn't get as
much scrutiny as other parts of protocol libraries.
-J
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list