Hi -

> From: "Karl Auerbach" <karl@cavebear.com>
> To: "IETF" <ietf@ietf.org>
> Sent: Saturday, August 23, 2003 7:03 PM
> Subject: Re: Pretty clear ... SIP
>
> On Sat, 23 Aug 2003, Dean Anderson wrote:
>
> > H.323 and ASN.1 eventually surpass ...
>
> Ummm, based on my own direct experience with ASN.1 since the mid 1980's
> (X.400, SNMP, CMIP...), I disagree.
>
> It has been my experience that ASN.1, no matter which encoding rules are
> used, has proven to be a failure and lingering interoperability and
> denial-of-service disaster.
>
> For example, the flaws in ASN.1 parsers in SNMP engines have proven to be
> a decades+ old vulnerability for the net.

...

In fairness,

1) SNMP's (ab)use of ASN.1 pretty much precludes the use of ASN.1 compiler technology. All the implementations I know of used hand-coded encoders and decoders. The vulnerabilities aren't a result of ASN.1, but rather of trusting humans to do a compiler's job.

2) Dean was specifically writing about PER, which can be *much* more compact than BER would ever hope to be. PER can potentially result in a more compact encoding than applying compression to a single packet. Look at the spec to see why.

Randy
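Added example, not part of the original message and not taken from any SNMP implementation: a hand-written BER tag/length reader in C that makes explicit the bounds checks a hand-coded decoder has to get right on every element. The `ber_hdr` type and `ber_read_header` function are hypothetical names; the sketch assumes single-byte tags and rejects the indefinite length form.

```c
#include <stddef.h>
#include <stdint.h>

/* Parsed BER header (hypothetical type for this example). */
typedef struct {
    uint8_t tag;      /* single-byte tag only */
    size_t  hdr_len;  /* octets consumed by tag + length */
    size_t  val_len;  /* length of the value that follows */
} ber_hdr;

/* Returns 0 on success, -1 on malformed or out-of-bounds input. */
int ber_read_header(const uint8_t *buf, size_t buf_len, ber_hdr *out)
{
    if (buf == NULL || out == NULL || buf_len < 2)
        return -1;
    if ((buf[0] & 0x1f) == 0x1f)      /* high-tag-number form: not handled here */
        return -1;

    size_t pos = 1, len;
    uint8_t first = buf[pos++];

    if (first < 0x80) {               /* short form: length is the octet itself */
        len = first;
    } else {
        size_t n = first & 0x7f;      /* long form: n length octets follow */
        if (n == 0)                   /* indefinite form: rejected in this sketch */
            return -1;
        if (n > sizeof(size_t) || n > buf_len - pos)
            return -1;                /* would overflow size_t or read past the buffer */
        len = 0;
        while (n--)
            len = (len << 8) | buf[pos++];
    }

    /* Compare against the bytes remaining; pos + len could wrap around. */
    if (len > buf_len - pos)
        return -1;

    out->tag = buf[0];
    out->hdr_len = pos;
    out->val_len = len;
    return 0;
}
```

Each early return corresponds to an input that a decoder trusting the attacker-supplied length octets would otherwise turn into an out-of-bounds read or an oversized copy.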