Re: [OAUTH-WG] SD-JWT explicit guidance on parsing json strings

2023-10-15 Thread Carsten Bormann
On 15. Oct 2023, at 18:10, Denis wrote:
>
> Hi Brian and Orie,
>
> In the "old days", such a problem did not exist. The prime example is using ASN.1 / DER where the decoder can first know the full size of the message using two or more bytes after the first byte that must contain the value

[OAUTH-WG] NomCom: Selecting IETF Leadership

2023-10-15 Thread Rifaat Shekh-Yusef
All, The *NomCom* is tasked with selecting the *IETF leadership*, like the IESG and the IAB. For the NomCom to be able to make an informed decision, they need feedback from the *wider IETF community*. Please consider allocating some time to provide feedback on people that you interacted with to

Re: [OAUTH-WG] SD-JWT explicit guidance on parsing json strings

2023-10-15 Thread Denis
Hi Brian and Orie, In the "old days", such a problem did not exist. The prime example is using ASN.1 / DER where the decoder can first know the full size of the message using two or more bytes after the first byte that must contain the value 30 (SEQUENCE). Then after, the server was knowing

Re: [OAUTH-WG] SD-JWT explicit guidance on parsing json strings

2023-10-15 Thread Carsten Bormann
On 2023-10-13, at 01:01, Orie Steele wrote:
>
> scenarios where an attacker can exploit a vulnerable json parser,

Do not use a vulnerable JSON parser, then. (One of the main motivations for a standards-based representation format is that you get access to debugged implementations of those.