• To: "xml-dev@l..." <xml-dev@l...>
• Subject: Re: Fwd: [e-lang] Protocol implementation errors
• From: Miles Sabin <miles@m...>
• Date: Sat, 4 Oct 2003 07:52:49 +0100
• In-reply-to: <Pine.LNX.4.44L0.0310032032450.23488-100000@s...>
• References: <Pine.LNX.4.44L0.0310032032450.23488-100000@s...>
• Sender: Miles Sabin <miles@m...>
• User-agent: KMail/1.5.1

Rich Salz wrote,
> Tyler Close wrote,
> > A list of legacy apps that use ASN.1, and haven't experienced the
> > same problems as OpenSSL and SNMP, would do fine.  Surely someone
> > must have safely implemented it.
>
> The international phone system.

That's a good answer to a different question.

Tyler originally asked for examples of applications which "have not had 
long-lived bugs in their ASN.1 code", which I can only make sense of as 
a request for examples of applications without long-lived 
_undiscovered_ bugs in their ASN.1 code (otherwise OpenSSL would 
qualify, since it's bugs have been fixed pretty quickly once 
discovered).

But that's an impossible request, short of a formal proof of correctness 
of those ASN.1 _implementations_ and, since such proofs are likely to 
be too complex to be done manually, proofs of the correctness of the 
model-checking software that's used to produce them (then iterate ad 
nauseam). I'd be interested to hear of _any_ non-trivial piece of 
software which comes with this kind of guarantee.

Cheers,


Miles

• Follow-Ups:
  • Re: Fwd: [e-lang] Protocol implementation errors
    • From: Tyler Close <tyler@w...>

• References:
  • Re: Fwd: [e-lang] Protocol implementation errors
    • From: Rich Salz <rsalz@d...>

• Prev by Date: Re: stupid deterministic content model question
• Next by Date: Re: Fwd: [e-lang] Protocol implementation errors
• Previous by thread: Re: Fwd: [e-lang] Protocol implementation errors
• Next by thread: Re: Fwd: [e-lang] Protocol implementation errors
• Index(es):
  • Date
  • Thread