Also, blaming ASN.1 for a vulnerability in an unsafe, untyped program is basically victim blaming. Stop doing that, folks. C is the problem.
@bmastenbrook exactly why it'd be nice to use a serialization format with codegen for many platforms
-
-
@bascule sure, no argument there. I'd bet that a safe ASN.1 implementation is easier than convincing the world to drop X.509 though... -
@bmastenbrook JOSE seems to be gaining traction. We'll see if someone uses it to make a TLS-compatible certificate format -
@bascule Looking from an attacker's perspective, a JSON-based encoding implemented in C is very exciting indeed. :-)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.