Also, blaming ASN.1 for a vulnerability in an unsafe, untyped program is basically victim blaming. Stop doing that, folks. C is the problem.
-
-
Replying to @bmastenbrook
.
@bmastenbrook and what about BERserk? C is a problem, but ASN.1 is also a problem...3 replies 0 retweets 0 likes -
Replying to @bmastenbrook
@bmastenbrook or we could switch to JOSE or protobufs or capnp or something else that isn't so error-prone1 reply 0 retweets 0 likes -
Replying to @bmastenbrook
@bmastenbrook at least in the case of something like protobufs or capnp, they'll generate the parser for you...2 replies 0 retweets 0 likes
@bmastenbrook Heimdal does this for ASN.1, but last I checked it's too primitive to be used on in-the-wild X.509 certs
3:40 PM - 19 Jan 2015
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.