On Mon, 5 Jun 2006 16:06:28 -0700, "Randy Presuhn"
<[EMAIL PROTECTED]> wrote:

> Hi -
> 
> > From: "Iljitsch van Beijnum" <[EMAIL PROTECTED]>
> > To: "IETF Discussion" <ietf@ietf.org>
> > Sent: Monday, June 05, 2006 2:43 PM
> > Subject: Best practice for data encoding?
> ...
> > Then there is the ASN.1 route, but as we can see with  
> > SNMP, this also requires lots of code and is very (security) bug  
> > prone.
> ...
> 
> Having worked on SNMP toolkits for a long time, I'd have to
> strenuously disagree.  In my experience, the ASN.1/BER-related
> code is a rather small portion of an SNMP protocol engine.
> The code related to the SNMP protocol's quirks, such as Get-Next/Bulk
> processing and the mangling of index values into object identifiers
> (which is far removed from how ASN.1 intended object identifiers
> to be used) requires much more code and complexity.

Yah -- measure first, then optimize.

> 
> I'm curious, too, about the claim that this has resulted in security
> problems.  Could someone elaborate?
> 
See http://www.cert.org/advisories/CA-2002-03.html



                --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf
