| |||||||||||||
TLS renegotiation vulnerabilityTLS renegotiation vulnerabilityPosted Nov 23, 2009 0:17 UTC (Mon) by foom (subscriber, #14868)In reply to: TLS renegotiation vulnerability by Cyberax Parent article: TLS renegotiation vulnerability
> Well, if I had a choice between ASN.1 and insanely complex XML rules, then I'd still choose XML.
That's a bit silly. Have you ever looked at ASN.1? It's really quite trivial. So much easier than XML,
http://en.wikipedia.org/wiki/Basic_Encoding_Rules
Certificates actually use DER, which is a slightly restricted subset of BER:
(Log in to post comments)
TLS renegotiation vulnerability Posted Nov 23, 2009 8:26 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]
Unfortunately, I've worked with it. And that's why I'm quite sure: wherever ASN.1 goes, destruction and pain follows. Examples: LDAP, SNMP, SSL/TLS, Kerberos.
To be fair, XML canonicalization rules are designed for arbitrary XML. It's possible to simplify them by using a subset of XML. For example, by restricting entities, CDATA and namespace use.
In any case, less complex formats like JSON can be used instead of XML.
TLS renegotiation vulnerability Posted Nov 23, 2009 13:50 UTC (Mon) by quotemstr (subscriber, #45331) [Link] wherever ASN.1 goes, destruction and pain follows. Examples: LDAP, SNMP, SSL/TLS, Kerberos.You have an interesting definition of "destruction and pain". These protocols are used all over the place and are successful by any measure.
TLS renegotiation vulnerability Posted Nov 23, 2009 15:49 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]
Do you know how to make a simple request with LDAP? Can you write a simple LDAP Ping using plain sockets?
I can easily do this for HTTP/FTP/SMTP even IMAP. I don't even want to contemplate this for SSL/TLS.
That's the problem, it's impossible to create a simple client for SSL.
|
|||||||||||||