Re: [apps-discuss] apps-review team review for draft-ietf-eai-rfc5335bis-07

Claudio Allocchio <Claudio.Allocchio@garr.it> Thu, 20 January 2011 17:02 UTC

Return-Path: <Claudio.Allocchio@garr.it>
X-Original-To: apps-discuss@core3.amsl.com
Delivered-To: apps-discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 40B183A7037 for <apps-discuss@core3.amsl.com>; Thu, 20 Jan 2011 09:02:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.55
X-Spam-Level:
X-Spam-Status: No, score=-2.55 tagged_above=-999 required=5 tests=[AWL=0.049, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q5smz7q9l7o5 for <apps-discuss@core3.amsl.com>; Thu, 20 Jan 2011 09:02:11 -0800 (PST)
Received: from cyrus.dir.garr.it (cyrus.dir.garr.it [IPv6:2001:760:0:158::29]) by core3.amsl.com (Postfix) with ESMTP id 896063A6FDE for <apps-discuss@ietf.org>; Thu, 20 Jan 2011 09:02:10 -0800 (PST)
Received: from mac-allocchio3.elettra.trieste.it (mac-allocchio3.elettra.trieste.it [140.105.2.18]) (authenticated bits=0) by cyrus.dir.garr.it (8.14.4/8.14.4) with ESMTP id p0KH4hRb010915 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 20 Jan 2011 18:04:43 +0100 (CET)
X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 cyrus.dir.garr.it p0KH4hRb010915
DomainKey-Signature: a=rsa-sha1; s=mail; d=garr.it; c=simple; q=dns; b=qSkhwHU1ypuHAcICZ6iwHmb797Z7YWKd0Sy1/f6NsG6cwqN47ycNwQDgR8qJxhunV URFU0PXV5yMqqvlKzIgFHQObPlgAGKM35yiXEg24Vu3mXPagPORWwiY0dBe2PHzxeN3 X2YOC0R/Pet22GX9ed3UoLyavfWJCsRc8RXxmlM=
Date: Thu, 20 Jan 2011 18:04:42 +0100
From: Claudio Allocchio <Claudio.Allocchio@garr.it>
X-X-Sender: claudio@mac-allocchio3.elettra.trieste.it
To: "Murray S. Kucherawy" <msk@cloudmark.com>
In-Reply-To: <F5833273385BB34F99288B3648C4F06F1341E73C8A@EXCH-C2.corp.cloudmark.com>
Message-ID: <Pine.OSX.4.64.1101201803480.15439@mac-allocchio3.elettra.trieste.it>
References: <F5833273385BB34F99288B3648C4F06F1341E73C8A@EXCH-C2.corp.cloudmark.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Cc: "Shawn.Steele@microsoft.com" <Shawn.Steele@microsoft.com>, John C Klensin <klensin@jck.com>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, "abelyang@twnic.net.tw" <abelyang@twnic.net.tw>
Subject: Re: [apps-discuss] apps-review team review for draft-ietf-eai-rfc5335bis-07
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jan 2011 17:02:12 -0000

> The Security Considerations section should discuss the problem of having 
> UTF-8 aware transport (i.e. MTAs) coupled with UTF-8 unaware user agents 
> (e.g. readers) as well as filters and the like.  The author talks about 
> needing bigger buffers, but I think that's far less interesting than the 
> possible semantic implications.  I consider this a major issue, and so I 
> would expect this discussion to be non-trivial in size, and include some 
> admonishment about not upgrading a delivery MTA to support UTF-8 message 
> headers until the entire infrastructure it serves has already been 
> verified to handle it.  This might be discussed in one of the other EAI 
> documents already; if it is, this one should contain a reference to 
> that.

a late (never too late!) +1

>
> On a related note, Security Considerations should also talk about abuse 
> mechanisms.  If, for example, there are lots of ways of using UTF-8 to 
> represent something equivalent or similar to a particular displayed 
> character or group of characters (all the variants of "e" in French, 
> using accents, for example), then filtering systems can be bypassed by 
> using one of the variants to avoid detection while still reaching the 
> end user with largely the same original effect.  This too might be 
> discussed elsewhere in general, in which case a reference to that 
> discussion can be left here.

and another +1 here!

------------------------------------------------------------------------------
Claudio Allocchio             G   A   R   R          Claudio.Allocchio@garr.it
                         Senior Technical Officer
tel: +39 040 3758523      Italian Academic and       G=Claudio; S=Allocchio;
fax: +39 040 3758565        Research Network         P=garr; A=garr; C=it;

            PGP Key: http://www.cert.garr.it/PGP/keys.php3#ca
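The two points quoted above (a UTF-8 aware MTA handing raw UTF-8 headers to UTF-8 unaware agents and filters, and keyword filters being bypassed by accented or compatibility variants of the same characters) can be made concrete with a small defensive check. The following is an added example written for this archive page; it is not code from the thread, from the reviewer, or from any EAI document. The `has_raw_utf8`, `skeleton`, `naive_match` and `normalized_match` functions, the `BLOCKLIST` keyword and the `SAMPLES` header values are all constructed for illustration.

```python
"""Added example (not from the thread): two checks a mail gateway or
filter operator might run on message headers in an SMTPUTF8 environment.
All header values below are constructed samples."""
import unicodedata


def has_raw_utf8(header_line: bytes) -> bool:
    """True if the header line carries octets above 0x7F, i.e. raw UTF-8
    of the kind a UTF-8-unaware user agent or filter will not decode.
    RFC 2047 encoded-words are pure ASCII, so they return False."""
    return any(b > 0x7F for b in header_line)


def skeleton(text: str) -> str:
    """Canonical form used for keyword comparison:
    1. NFKC folds compatibility variants (fullwidth letters, ligatures).
    2. NFD followed by dropping combining marks removes accents, so that
       'é' (U+00E9), 'e' + U+0301 and plain 'e' all compare equal.
    3. casefold() makes the comparison case-insensitive."""
    compat = unicodedata.normalize("NFKC", text)
    decomposed = unicodedata.normalize("NFD", compat)
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return stripped.casefold()


def naive_match(text: str, keywords: list[str]) -> list[str]:
    """Byte-for-byte substring filter: only hits the exact spelling."""
    return [k for k in keywords if k in text]


def normalized_match(text: str, keywords: list[str]) -> list[str]:
    """Filter that compares skeletons, so spelling variants still hit."""
    sk = skeleton(text)
    return [k for k in keywords if skeleton(k) in sk]


# Hypothetical keyword the filter is meant to catch.
BLOCKLIST = ["réunion"]

# Constructed Subject values that all read the same to a human.
SAMPLES = {
    "precomposed": "Subject: réunion ce soir",                  # U+00E9
    "decomposed": "Subject: re\u0301union ce soir",             # e + U+0301
    "unaccented": "Subject: reunion ce soir",
    "fullwidth": "Subject: \uff52\uff45\uff55\uff4e\uff49\uff4f\uff4e ce soir",
}


def audit(samples: dict[str, str], keywords: list[str]) -> dict[str, tuple[bool, bool]]:
    """For each sample: (naive filter hit?, normalized filter hit?)."""
    return {
        name: (bool(naive_match(v, keywords)), bool(normalized_match(v, keywords)))
        for name, v in samples.items()
    }


if __name__ == "__main__":
    # Constructed raw header lines: one with 8-bit octets, one RFC 2047 encoded.
    print(has_raw_utf8(b"Subject: r\xc3\xa9union"))                 # True
    print(has_raw_utf8(b"Subject: =?UTF-8?Q?r=C3=A9union?="))       # False
    for name, (naive, normalized) in audit(SAMPLES, BLOCKLIST).items():
        print(f"{name:12s} naive={naive!s:5s} normalized={normalized}")
```

Only the precomposed sample trips the naive filter; the normalized one catches all four. The skeleton deliberately over-approximates (it also equates "pâte" with "pate"), which is the right trade-off for a blocklist that must not be trivially evaded, but a deployment should confirm the equivalence classes it wants before adopting it.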