Hacker News new | past | comments | ask | show | jobs | submit login

Parser differential exploits are a understated problem, especially with ASN.1, which I didn't expect to see anyone thinking about. Kudos on this initiative!



I understand that it is a problem but I'm more used to seeing arguments that monocultures and single implementations are bad: WebSQL for example didn't become a standard because there was only a single implementation.


Where is the monoculture here?


If there were only one implementation for ASN.1 people would decry that whatever that implementation does effectively becomes the standard, and people would be clamoring to write a second implementation.


Ok, but there are many implementations. And the ASN.1 specs are really clear and readable (once you have a mental model of them).


Yes, which is why the contrast with monoculture is interesting. Hence my original comment.


Ah, I see. Thanks.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: