On Mon, 5 Jun 2006 16:06:28 -0700, "Randy Presuhn" <randy_presuhn@xxxxxxxxxxxxxx> wrote:

> Hi -
>
> > From: "Iljitsch van Beijnum" <iljitsch@xxxxxxxxx>
> > To: "IETF Discussion" <ietf@xxxxxxxx>
> > Sent: Monday, June 05, 2006 2:43 PM
> > Subject: Best practice for data encoding?
> ...
> > Then there is the ASN.1 route, but as we can see with
> > SNMP, this also requires lots of code and is very (security) bug
> > prone.
> ...
>
> Having worked on SNMP toolkits for a long time, I'd have to
> strenuously disagree. In my experience, the ASN.1/BER-related
> code is a rather small portion of an SNMP protocol engine.
> The code related to the SNMP protocol's quirks, such as Get-Next/Bulk
> processing and the mangling of index values into object identifiers
> (which is far removed from how ASN.1 intended object identifiers
> to be used) requires much more code and complexity.

Yah -- measure first, then optimize.

>
> I'm curious, too, about the claim that this has resulted in security
> problems. Could someone elaborate?
>

See http://www.cert.org/advisories/CA-2002-03.html

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb