[VOIPSEC] [SearchSecurity.com] Better VoIP training needed, SANS director says

Jon Callas jon at pgpeng.com
Tue Dec 12 01:30:18 GMT 2006

On 11 Dec 2006, at 6:16 AM, Geoff Devine wrote:

> H.323 is complex but that has nothing to do with ASN.1 encoding.   
> In my opinion, Type-Length-Value encodings are a necessary part of  
> creating a secure computing environment.  With TLVs, you can easily  
> check each object for valid contents that won't damage the network  
> in a computer-friendly way that is testable for completeness.

Gosh, I feel like someone has dangled a red flag in front of my  
particular sort of bullishness.

Saying that ASN.1 isn't a problem because it's just a TLV encoding  
(as you appear to) is somewhat like saying that software isn't a  
problem because it's just a series of 1s and 0s, and that's only two  
things to keep track of, so how hard can that be?

A reason this is a red flag to me that I'm rising to is that it seems  
to imply that something is TLV if and only if it is ASN.1. Another  
reason it is a flag is it seems to imply that the only objection one  
could have to ASN.1 is its nature as a TLV coding scheme.

My short reply therefore is to state that there are TLV systems that  
are not ASN.1, and the problems with ASN.1 are not that it is a TLV.  
As a matter of fact, one of the few nice things I might say about ASN.1  
is that it's a TLV system.


Jon Callas
PGP Corporation         Tel: +1 (650) 319-9016
3460 West Bayshore      Fax: +1 (650) 319-9001
Palo Alto, CA 94303     PGP: ed15 5bdf cd41 adfc 00f3
USA                          28b6 52bf 5a46 bc98 e63d
