Whenever I complain about ASN.1 there's this sort of "ASN.1 is fine" backlash and then I see shit like this: http://trac.tools.ietf.org/wg/trans/trac/ticket/14 …
@sleevi_ @kebesays @AlecMuffett we've been systematically replacing CMS with JWE/JWS throughout our infrastructure and it feels great
@bascule @sleevi_ @kebesays @AlecMuffett I go for CSV, and if there's a new field conflict we sort it out with rock-paper-scissors
@mik235 @sleevi_ @kebesays @AlecMuffett that particular property of JSON is definitely a LANGSEC violation...
@bascule @sleevi_ @kebesays @AlecMuffett arguing XML vs JSON vs ASN.1 is a stupid argument. They all do too much AND not enough.
@bascule @sleevi_ @kebesays @AlecMuffett but sometimes you just need to pick a winner, make it work and move on. Life's too short.
@mik235 @sleevi_ @kebesays @AlecMuffett XML and ASN.1 seem to be frequently associated with remote code execution or severe parsing bugs
@bascule @sleevi_ @kebesays @AlecMuffett that's more about the code. Look at libxml2 bugs vs Chrome/Firefox bugs.
@mik235 @sleevi_ @kebesays @AlecMuffett I'm sure Chrome and Firefox do a great job, but XML is everywhere and extremely dangerous
@mik235 @sleevi_ @kebesays @AlecMuffett two words: SAML XXE
@bascule @kebesays @AlecMuffett Well, yes, throwing CMS out makes everything better. Not because ASN.1, but because OH MY GOD CMS IT BURNS!!
@sleevi_ @kebesays @AlecMuffett did I mention the main thing I work on is LDAP? And I'm actually considering writing an LDAP server o_O
@bascule @kebesays @AlecMuffett My heart goes out for you. BER is awful. Awful awful