Re: [apps-discuss] Review of: draft-yevstifeyev-abnf-separated-lists-02

Dave CROCKER <dhc@dcrocker.net> Sat, 11 December 2010 16:15 UTC

On 12/11/2010 2:50 AM, Mykyta Yevstifeyev wrote:
> Hello all,
>
> Some notes:
>
> Firstly, this is a review of -02 version and many issues have been
> corrected in -03 one.

However I raised a number of questions and concerns that do not appear to be 
resolved in the new version.

Since the number of comments in the review is not all that large, it would be 
helpful to see responses to each, even for those having the response "resolved 
in -03."  That will make it easy for readers to form their own opinions about 
the resolutions.


>>> 3. Security Considerations
>>>
>>> Security issues are not discussed by this document.
>>
>> A notation that can create obscure effects might well introduce security
>> holes. That's an issue that is not specific to this document, but I wonder
>> whether it isn't time to raise this point in the Considerations section?
> How can a simple notation have any security consideration?

Whether it is simple is not the point.  The point is that a meta-syntax that 
makes syntax specifications less clear can make it legal to have data in forms 
that might not have been intended or desired.  This can, in turn, allow in types 
of data that are potentially dangerous.  This is often a problem with space, for 
example, which seeks to bypass filters.

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
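
The point about whitespace and filters in the message above, as an added example that is not part of the original message or of the draft under review. It assumes a hypothetical comma-separated token list read two ways (with and without implied whitespace around the separator); the rule, the deny-list and all function names are constructed for illustration.

```python
import re

# Hypothetical rule, not taken from the draft under review: a comma-separated
# list of tokens. The two regexes are two ways implementers might read it.
TOKEN = r"[A-Za-z0-9-]+"
STRICT = re.compile(rf"{TOKEN}(?:,{TOKEN})*")               # token *("," token)
LENIENT = re.compile(rf"{TOKEN}(?:[ \t]*,[ \t]*{TOKEN})*")  # whitespace implied around ","
BLOCKED = {"admin"}  # constructed deny-list for the example


def naive_filter(value: str) -> bool:
    """Filter written to the strict reading: split on ',' and compare verbatim."""
    return all(item not in BLOCKED for item in value.split(","))


def lenient_consumer(value: str) -> list[str]:
    """Consumer written to the lenient reading: whitespace around ',' is ignored."""
    if not LENIENT.fullmatch(value):
        raise ValueError("not a list")
    return [item.strip(" \t") for item in value.split(",")]


def hardened_filter(value: str) -> bool:
    """Fail closed: accept only the strict form, then apply the deny-list."""
    if not STRICT.fullmatch(value):
        return False
    return all(item not in BLOCKED for item in value.split(","))


def disagreements(samples, accept):
    """Inputs the filter accepts but the consumer resolves to a blocked item."""
    out = []
    for s in samples:
        if not accept(s):
            continue
        try:
            items = lenient_consumer(s)
        except ValueError:
            continue
        if BLOCKED & set(items):
            out.append(s)
    return out


# Constructed sample values.
SAMPLES = ["user,guest", "user,admin", "user, admin", "user ,\tadmin", "user,,admin"]

if __name__ == "__main__":
    print("naive:   ", disagreements(SAMPLES, naive_filter))
    print("hardened:", disagreements(SAMPLES, hardened_filter))
```

The filter and the consumer disagree only on inputs that one reading of the rule makes legal and the other does not; rejecting everything outside the strict form removes the disagreement.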