Re: [apps-discuss] Comments on Malformed Message BCP draft

Dave Cridland <dave@cridland.net> Fri, 15 April 2011 17:50 UTC

Return-Path: <dave@cridland.net>
X-Original-To: apps-discuss@ietfc.amsl.com
Delivered-To: apps-discuss@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 7D6D1E06A4 for <apps-discuss@ietfc.amsl.com>; Fri, 15 Apr 2011 10:50:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cxl8Z8KU63F5 for <apps-discuss@ietfc.amsl.com>; Fri, 15 Apr 2011 10:50:46 -0700 (PDT)
Received: from peirce.dave.cridland.net (peirce.dave.cridland.net [IPv6:2001:470:1f09:882:2e0:81ff:fe29:d16a]) by ietfc.amsl.com (Postfix) with ESMTP id 0572FE0663 for <apps-discuss@ietf.org>; Fri, 15 Apr 2011 10:50:46 -0700 (PDT)
Received: from localhost (peirce.dave.cridland.net [127.0.0.1]) by peirce.dave.cridland.net (Postfix) with ESMTP id D85BC1168087; Fri, 15 Apr 2011 18:50:44 +0100 (BST)
X-Virus-Scanned: Debian amavisd-new at peirce.dave.cridland.net
Received: from peirce.dave.cridland.net ([127.0.0.1]) by localhost (peirce.dave.cridland.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CQ5q0MZb+hcS; Fri, 15 Apr 2011 18:50:37 +0100 (BST)
Received: from puncture (puncture.dave.cridland.net [IPv6:2001:470:1f09:882:221:85ff:fe3f:1696]) by peirce.dave.cridland.net (Postfix) with ESMTPA id B37A51168067; Fri, 15 Apr 2011 18:50:36 +0100 (BST)
References: <F5833273385BB34F99288B3648C4F06F1343319E22@EXCH-C2.corp.cloudmark.com> <CEDB17EC-80CE-49B5-91C1-FBCB0449BBA5@network-heretics.com> <4DA8542F.9040003@tana.it> <5FBD6703-40D0-482F-B6A5-4C17EC88B9D3@network-heretics.com>
In-Reply-To: <5FBD6703-40D0-482F-B6A5-4C17EC88B9D3@network-heretics.com>
MIME-Version: 1.0
Message-Id: <3111.1302889836.721157@puncture>
Date: Fri, 15 Apr 2011 18:50:36 +0100
From: Dave Cridland <dave@cridland.net>
To: Keith Moore <moore@network-heretics.com>, ietf-822 <ietf-822@imc.org>, General discussion of application-layer protocols <apps-discuss@ietf.org>, Alessandro Vesely <vesely@tana.it>
Content-Type: text/plain; delsp="yes"; charset="us-ascii"; format="flowed"
Subject: Re: [apps-discuss] Comments on Malformed Message BCP draft
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Apr 2011 17:50:51 -0000

On Fri Apr 15 18:38:50 2011, Keith Moore wrote:
> Bouncing is absolutely what should happen if the message is merely  
> malformed.  Otherwise, the sender has no idea that his message  
> didn't arrive (or why), and nothing will ever be done to fix the  
> problem.

But the problem is that the message didn't arrive. The reason is that  
it's malformed, but that's not the problem that people care most  
about. Now, *we* may care, but that's a wholly different thing, and  
largely irrelevant to the average user.

Bouncing has problems too - it's trivial to use such a server to  
bounce malformed MIME back to some other address which then processes  
the MIME and allows some malware through.

As I said before, differences in error handling behaviour may result  
in malware vectors being available. If you standardize the error  
handling (to whatever you like - pass through, bounce, or reject)  
then the net result is that exploits of this form cannot happen.

Dave.
-- 
Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade