On Mon, 5 Jun 2006, Steven M. Bellovin wrote: > On Mon, 5 Jun 2006 16:06:28 -0700, "Randy Presuhn" > <randy_presuhn@xxxxxxxxxxxxxx> wrote: > > > > I'm curious, too, about the claim that this has resulted in security > > problems. Could someone elaborate? > > See http://www.cert.org/advisories/CA-2002-03.html ASN.1 implementation bugs have also caused security problems for SSL, Kerberos, ISAKMP, and probably others. These bugs are also not due to shared code history: they turn up again and again. Are there any other binary protocols that can be usefully compared with ASN.1's security history? Tony. -- f.a.n.finch <dot@xxxxxxxx> http://dotat.at/ THE MULL OF GALLOWAY TO MULL OF KINTYRE INCLUDING THE FIRTH OF CLYDE AND THE NORTH CHANNEL: VARIABLE 2 OR 3 WITH AFTERNOON ONSHORE SEA BREEZES. FAIR VISIBILITY: MODERATE OR GOOD WITH MIST OR FOG PATCHES SEA STATE: SMOOTH OR SLIGHT. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf