On Sat, Oct 04, 2003 at 05:58:49PM +1200, Peter Gutmann wrote:
Bill Frantz [EMAIL PROTECTED] writes:
This is the second significant problem I have seen in applications that use
ASN.1 data formats. (The first was in a widely deployed implementation of
SNMP.) Given that good, security
Markus Friedl [EMAIL PROTECTED] writes:
On Sat, Oct 04, 2003 at 05:58:49PM +1200, Peter Gutmann wrote:
We've already seen half the
SSH implementations in existence taken out by the SSH malformed-packet
vulnerabilities,
I don't think so.
According to the CERT advisory, roughly half of all
At 02:41 PM 10/5/2003 Sunday, Tyler Close wrote:
On Sunday 05 October 2003 11:03, Jonathan S. Shapiro wrote:
Peter:
I agree that ASN.1 is statically checkable, and that this is an
important property.
What exactly does it mean for a format to be statically
checkable?
Peter's statement was:
Jerrold Leichter [EMAIL PROTECTED] writes:
Both of these are helped by a well-specified low-level syntax. TLV encoding
lets you cross-check all sorts of stuff automatically, once, in low-level
calls. Ad hoc protocols scatter the validation all over the place - and some
of it will inevitably be
| This is the second significant problem I have seen in applications that use
| ASN.1 data formats. (The first was in a widely deployed implementation of
| SNMP.) Given that good, security conscious programmers have difficulty
| getting ASN.1 parsing right, we should favor protocols that use
Bill Frantz [EMAIL PROTECTED] writes:
This is the second significant problem I have seen in applications that use
ASN.1 data formats. (The first was in a widely deployed implementation of
SNMP.) Given that good, security conscious programmers have difficulty
getting ASN.1 parsing right, we