Yo dawg, I heard you like ASN.1pic.twitter.com/HZnSk07Er4
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
@bascule @AlecMuffett ASN.1 is Satan's work.
@kebesays @bascule @AlecMuffett Playing with JSON is begging yourself for DOS or security fail. Case in point: JOSE and the crazy schemas
@sleevi_ @kebesays @AlecMuffett and the corresponding analogue for ASN.1 is RCE?
@bascule @kebesays @AlecMuffett With DER parsing, a little fuzzing and ASAN goes a long way. With JSON, it's logic bugs all the way down.
@sleevi_ @kebesays @AlecMuffett we've been systematically replacing CMS with JWE/JWS throughout our infrastructure and it feels great
@bascule @sleevi_ @kebesays @AlecMuffett I go for CSV, and if there's a new field conflict we sort it out with rock-paper-scissors
@mik235 @sleevi_ @kebesays @AlecMuffett that particular property of JSON is definitely a LANGSEC violation...
@bascule I thought the consensus was that ASN.1 is too complex for us mere humans
@gcouprie there's a growing movement that ASN.1 should be "deprecated" and we should use e.g. JOSE for future protocols, I think/hope
@ln4711 @gcouprie I like @capnproto too ;)
@bascule @ln4711 @capnproto there's nothing wrong with binary protocols. The problem comes from the awful parsing tools :)
@gcouprie @ln4711 @CapnProto Heimdal generates ASN.1 parsers, but only in C, and not general enough to cover crap like the OP
@bascule i hear it's like democracy, the least bad option
@bascule mmm, yeah, any encoding where they specify "ambiguous encoding/BER", "nonambiguous encoding/DER" and "xml encoding" is probably bad
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.