[VOIPSEC] [SearchSecurity.com] Better VoIP training needed, SANS director says
Jon Callas
jon at pgpeng.com
Tue Dec 12 01:30:18 GMT 2006
On 11 Dec 2006, at 6:16 AM, Geoff Devine wrote:
>
> H.323 is complex but that has nothing to do with ASN.1 encoding.
> In my opinion, Type-Length-Value encodings are a necessary part of
> creating a secure computing environment. With TLVs, you can easily
> check each object for valid contents that won't damage the network
> in a computer-friendly way that is testable for completeness.

Gosh, I feel like someone has dangled a red flag in front of my
particular sort of bullishness.

Saying that ASN.1 isn't a problem because it's just a TLV encoding
(as you appear to) is somewhat like saying that software isn't a
problem because it's just a series of 1s and 0s, and that's only two
things to keep track of, so how hard can that be?

A reason this is a red flag to me that I'm rising to is that it seems
to imply that something is TLV if and only if it is ASN.1. Another
reason it is a flag is it seems to imply that the only objection one
could have to ASN.1 is its nature as a TLV coding scheme.

My short reply therefore is to state that there are TLV systems that
are not ASN.1, and the problems with ASN.1 are not that it is a TLV.
As a matter of fact, one of the few nice things I might say about ASN.1
is that it's a TLV system.

Jon
--
Jon Callas
CTO, CSO
PGP Corporation Tel: +1 (650) 319-9016
3460 West Bayshore Fax: +1 (650) 319-9001
Palo Alto, CA 94303 PGP: ed15 5bdf cd41 adfc 00f3
USA 28b6 52bf 5a46 bc98 e63d