Interesting People mailing list archives

Re: IP: More on Precautions Against SNMP Vulnerability


From: David Farber <dfarber () earthlink net>
Date: Sat, 16 Feb 2002 13:55:53 -0400


-----Original Message-----
From: Tom Van Vleck <thvv () multicians org>
Date: Sat, 16 Feb 2002 12:42:56 
To: farber () cis upenn edu
Subject: Re: IP: More on  Precautions Against SNMP Vulnerability

Karl Auerbach's comments on SNMP and ASN.1 BER rang a bell.
Another protocol built on ASN.1 was the SET (Secure Electronic
Transaction) protocol advocated by many parties including
Visa and MasterCard in the mid 90s. I worked at CyberCash 
then on a pilot SET implementation and got to know the
internals of the protocol.

Without getting into the whole sorry politics of SET,
I can make a technical observation about the protocol.
In addition to the difficulty of testing ASN.1 based
protocols, there was the risk of monoculture: there were 
a few companies that provided ASN.1 toolkits that were
used in multiple SET implementations.  None of the toolkits
we looked at had formal verification or assurance.
The SET protocol itself was far from simple, and was 
designed without planning for formal verification,
layered acceptance testing of participating elements, 
or protocol evolution.

SET has faded from view, which makes worries
about its layering, adaptability, and assurance moot.
I hope the next attempt at such a protocol is done with
extreme rigor, and is not rushed into use.

For archives see:
http://www.interesting-people.org/archives/interesting-people/

