Re: [apps-discuss] Review of: draft-yevstifeyev-abnf-separated-lists-02

Dave CROCKER <> Sat, 11 December 2010 16:15 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id AA5183A6D25 for <>; Sat, 11 Dec 2010 08:15:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id vruq+b6KgPNR for <>; Sat, 11 Dec 2010 08:15:19 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 485213A6B55 for <>; Sat, 11 Dec 2010 08:15:19 -0800 (PST)
Received: from [] ( []) (authenticated bits=0) by (8.13.8/8.13.8) with ESMTP id oBBGGlK7030808 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO); Sat, 11 Dec 2010 08:16:53 -0800
Message-ID: <>
Date: Sat, 11 Dec 2010 08:16:42 -0800
From: Dave CROCKER <>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv: Gecko/20101027 Thunderbird/3.1.6
MIME-Version: 1.0
To: Mykyta Yevstifeyev <>
References: <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 ( []); Sat, 11 Dec 2010 08:16:53 -0800 (PST)
Cc: "" <>
Subject: Re: [apps-discuss] Review of: draft-yevstifeyev-abnf-separated-lists-02
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 11 Dec 2010 16:15:21 -0000

On 12/11/2010 2:50 AM, Mykyta Yevstifeyev wrote:
> Hello all,
> Some notes:
> Firstly, this is a review of -02 version and many issues have been
> corrected in -03 one.

However I raised a number of questions and concerns that do not appear to be 
resolved in the new version.

Since the number of comments in the review is not all that large, it would be 
helpful to see responses to each, even for those having the response "resolved 
in -03."  That will make it easy for readers to form their own opinions about 
the resolutions.

>>> 3. Security Considerations
>>> Security issues are not discussed by this document.
>> A notation that can create obscure effects might well introduce security
>> holes. That's an issue that is not specific to this document, but I wonder
>> whether it isn't time to raise this point in the Considerations sectin?
> How can a simple notation have any security consideration?

Whether it is simple is not the point.  The point is that a meta-syntax that 
makes syntax specifications less clear can make it legal to have data in forms 
that might not have been intended or desired.  This can, in turn, allow in types 
of data that are potentially dangerous.  This is often a problem with space, for 
example, which seeks to bypass filters.


   Dave Crocker
   Brandenburg InternetWorking