Re: [Trans] RFC6962 BIS Log file encodings.

Bill Frantz <frantz@pwpconsult.com> Sat, 29 March 2014 22:49 UTC

Date: Sat, 29 Mar 2014 15:49:10 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: Erwann Abalea <eabalea@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/4tktcnuWIbWPV57XopVHMprerPU
Cc: trans@ietf.org, Rob Stradling <rob.stradling@comodo.com>, Phillip Hallam-Baker <hallam@gmail.com>, Rick Andrews <Rick_Andrews@symantec.com>, Eran Messeri <eranm@google.com>
Subject: Re: [Trans] RFC6962 BIS Log file encodings.

On 3/28/14 at 11:47 AM, eabalea@gmail.com (Erwann Abalea) wrote:

>I don't see the problem with ASN.1.

IMHO, the problem with ASN.1 is that it is too complex. There 
exists a history of attacks on computer security by sending 
malformed ASN.1 irritating bugs in ASN.1 encoders. In addition, 
the ability to specify "infinite" length data has caused buffer overruns.

ASN.1 fans may say that these bugs have all been fixed, and they 
may be right if no new ASN.1 interpreters are written.

However, complexity is always a bad thing in a security 
protocol. Make it only as complex as necessary, and no more complex.

Cheers - Bill

---------------------------------------------------------------------------
Bill Frantz        |"We used to quip that "password" is the most common
408-356-8506       | password. Now it's 'password1.' Who said users haven't
www.pwpconsult.com | learned anything about security?" -- Bruce Schneier
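
Added example, not part of the original message or of any code discussed on the list: a strict DER header check in C that rejects the BER indefinite-length octet (0x80), non-minimal lengths, and any length that claims more bytes than the input holds, before a caller touches the value. The function name, status codes and sample byte strings are hypothetical and constructed for illustration, and only single-byte tags are handled.

```c
/* Added example: strict DER header validation; all names are hypothetical. */
#include <stddef.h>
#include <stdint.h>

enum der_status { DER_OK, DER_TRUNCATED, DER_UNSUPPORTED_TAG, DER_INDEFINITE,
                  DER_NON_MINIMAL, DER_TOO_LONG, DER_OVERRUN };

/* Constructed sample inputs (not taken from any real certificate or log). */
static const uint8_t SAMPLE_OK[]         = { 0x04, 0x03, 'a', 'b', 'c' };
static const uint8_t SAMPLE_INDEFINITE[] = { 0x30, 0x80, 0x04, 0x01, 'x', 0x00, 0x00 };
static const uint8_t SAMPLE_OVERRUN[]    = { 0x04, 0x82, 0x10, 0x00, 'a', 'b' };
static const uint8_t SAMPLE_PADDED[]     = { 0x04, 0x81, 0x03, 'a', 'b', 'c' };

/*
 * Validate the tag and length octets of one TLV at buf[0..avail).
 * On DER_OK, *hdr_len + *val_len <= avail holds, so the caller can
 * read the value without running past the end of the input.
 */
enum der_status der_read_header(const uint8_t *buf, size_t avail,
                                size_t *hdr_len, size_t *val_len)
{
    size_t n = 0, len;

    if (avail < 2)
        return DER_TRUNCATED;
    if ((buf[0] & 0x1f) == 0x1f)      /* multi-byte tags are out of scope here */
        return DER_UNSUPPORTED_TAG;
    if (buf[1] < 0x80) {              /* short form: length is the octet itself */
        len = buf[1];
    } else if (buf[1] == 0x80) {      /* BER indefinite length: never valid DER */
        return DER_INDEFINITE;
    } else {                          /* long form: n big-endian length octets */
        n = buf[1] & 0x7f;
        if (n > sizeof(size_t))
            return DER_TOO_LONG;      /* length would not fit in size_t */
        if (n > avail - 2)
            return DER_TRUNCATED;     /* length octets themselves are cut off */
        len = 0;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | buf[2 + i];
        if (buf[2] == 0 || len < 0x80)
            return DER_NON_MINIMAL;   /* DER requires the shortest encoding */
    }
    if (len > avail - 2 - n)          /* claimed value length exceeds the input */
        return DER_OVERRUN;
    *hdr_len = 2 + n;
    *val_len = len;
    return DER_OK;
}
```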