[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bleeding-sigs
Subject:    Re: [Bleeding-sigs] Google Talk sigs
From:       Frank Knobbe <frank () knobbe ! us>
Date:       2005-08-30 0:50:38
Message-ID: 1125363038.33541.61.camel () localhost
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


On Mon, 2005-08-29 at 14:02 -0700, Blake Hartstein wrote:
> For readability, I have converted the hex in the rules to ascii. 
> The comments following are the content translations.

You know, an content match is a content match. It isn't faster if you
write it in Hex, just harder to read and easier to make mistakes. Why
don't you just change that to ASCII in the rules? There may be cases
(like gmail.com) where a nocase would probably be a good idea (it seems
to be missing from the Hex matches, allowing for evasion).

Since you have commit access.... just go ahead and make the change. :)

(When I get some time later this week, I'm gonna comb the other rules
for cases where ASCII might be a better choice that an obfuscated Hex).

Cheers,
Frank


-- 
Ciscogate: Shame on Cisco. Double-Shame on ISS.

["signature.asc" (application/pgp-signature)]

_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigs@bleedingsnort.com
http://lists.bleedingsnort.com/mailman/listinfo/bleeding-sigs


[prev in list] [next in list] [prev in thread] [next in thread]