IETF Logo Mail Archive

Re: [art] Request for review of draft-diaz-lzip-07

Edward Vielmetti <edward.vielmetti@gmail.com> Mon, 24 April 2023 21:18 UTC

Return-Path: <edward.vielmetti@gmail.com>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB447C1BED3F for <art@ietfa.amsl.com>; Mon, 24 Apr 2023 14:18:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 44f3xamKbta4 for <art@ietfa.amsl.com>; Mon, 24 Apr 2023 14:18:09 -0700 (PDT)
Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E258C153CA1 for <art@ietf.org>; Mon, 24 Apr 2023 14:14:56 -0700 (PDT)
Received: by mail-ed1-x531.google.com with SMTP id 4fb4d7f45d1cf-504eb1155d3so37068265a12.1 for <art@ietf.org>; Mon, 24 Apr 2023 14:14:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1682370894; x=1684962894; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=oLRR7+UOFpQUWDJSetEw2num/DFTnIhPzR3H+iSbgtk=; b=Wvk8MbFWJF7ZtgYIX2fNhNhJddVKx04wf3KTjVTADDr87HuIFfNFPG8zTpqeZTNFZN pqBD3ohyctQje3+Zqnv4ZFetmCKRCcZCI+oIg9/p8zSCSVRfEiiXcbAoILZeB/UlVUKQ D3dGHwnkZbD/UFodguU+4t8V/YtgU1nYdjEDi1fihPJdn/hHh0RRxMRK9CH5Uu0Xu4Xp ExkNfYg2R+0Oa5Ix/2+pZAVxh/HV5VxbSdiALXdPu6pli9WoDwTiK2uWRUrjm0q9D7VE OBzFm6M9suzFcxDbJve8fkL+/nFmkjXM//byAVlZiLCwvot9SCH/G4NrkT6IWmkncU0D Mj2g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1682370894; x=1684962894; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=oLRR7+UOFpQUWDJSetEw2num/DFTnIhPzR3H+iSbgtk=; b=OW7CBnhpaIzczCebf+PSzMdlsgHbUqOCLHoq4BXwFKtUO1qVsvMw1aHnLUgSIXHd1z EZwYjcgoWcYApxj6cn5eBvrXfPlCK9loyXr90Do+Kep5lsPgvfA2oSU7o+rceMw9p7x7 wjxL+QDXDR0dpgHPojgp+Ne3NdVe7dYIU9QJdT7oV1GXehuyabm10IYl5WBqkivkaY84 +AuUNFZgJuyksWL8sFcSVLCXihQ59R7LE/JaEZ6SxYFTxBS/vxhIyhaduPHQme6BW2+O /ZjneAebHyC88Cqf4E4iRF85jJFgyWT8HnEistXGLjxWUr7sUoqI6h4ctlEY6Ul86WZ5 Ue/A==
X-Gm-Message-State: AAQBX9djAoNlWexHYO3JrYbDtjnesCDiMCHD8NPi9yxJk5xvIzzj9rZM D5MJLw/YGQmNy4cQb5WqyAT5t3l7MyXpBYEyeamq28TeG0AENw==
X-Google-Smtp-Source: AKy350ZUY8XUj0wKCbC3PWjEeYtxHvYQpZdIDprpuS6pp8pk8pRVmI3q2Lbl/gfnm4sGNvj6moxA91HKLp/2Rt9TRSM=
X-Received: by 2002:a17:907:2109:b0:8f5:8da0:a482 with SMTP id qn9-20020a170907210900b008f58da0a482mr12515856ejb.25.1682370894186; Mon, 24 Apr 2023 14:14:54 -0700 (PDT)
MIME-Version: 1.0
References: <6446A793.5040802@gnu.org>
In-Reply-To: <6446A793.5040802@gnu.org>
From: Edward Vielmetti <edward.vielmetti@gmail.com>
Date: Mon, 24 Apr 2023 17:14:17 -0400
Message-ID: <CAPRZce36EWFH=WJtKE_xN1tsSMjJA7K3Ouj4NaFeJcfFpM1Xwg@mail.gmail.com>
To: Antonio Diaz Diaz <antonio@gnu.org>
Cc: art@ietf.org
Content-Type: multipart/alternative; boundary="000000000000874df605fa1b7f23"
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/_ImeSvemvH_iMNfF71o0Gt5Ik7A>
Subject: Re: [art] Request for review of draft-diaz-lzip-07
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Apr 2023 21:18:11 -0000

Antonio -

I notice this in "Security Considerations"

> Lzip is a compressed format. Decompressing lzip data may expand them
 to a size more than 7000 times larger, risking an out-of-memory or
out-of-disc-space condition.

If you look at the corresponding "Security Considerations" for brotli,
another compression algorithm described in RFC 7932 (July 2016),
there is a much longer set of concerns expressed and risks from that
format related to malicious or corrupted content. For example, I'd
characterize the RFC 7932 concerns as being:

"buffer overflow triggered by invalid compressed data" p40

"system's resource consumption (CPU, memory, or storage)
to be disproportionately large compared to
the size of the compressed data" p40

"exploit a buffer overflow or cause disproportionately large resource
consumption by providing, e.g., uncompressible data." p41

"An attacker who can repeatedly mix arbitrary (attacker-supplied) data with
secret data (passwords,
cookies) and observe the length of the ciphertext can potentially
reconstruct the secret data." p41

Based on Brotli's concerns, I'd ask:

1) Are there sample files that implementations could use to
test against inadvertent or deliberate corruption in the file data?

2) Are there sample files that could be used to test the "7000x expansion"
case, so that implementations could check against them? I worry
about this with DDOS-style amplification attacks, where a 7000x
expansion in bytes on an attacking stream is way bigger than
the 200x that NTP amplification attacks can present.

3) Under what circumstances is lzip data incompressible,
and how does the reference implementation behave in
those circumstances? Does compression ever make a pathological
file way larger than the original?

thanks

Ed

On Mon, Apr 24, 2023 at 11:59 AM Antonio Diaz Diaz <antonio@gnu.org> wrote:

> Dear all,
>
> Not having received any answer in 3.5 years to my request for review of
> draft-diaz-lzip-00[1], I request now the review of draft-diaz-lzip-07[2]
> in
> the hope of having more luck this time.
>
> Along these years I have received feedback from several people and have
> fixed several minor issues. I think the draft is now ready for review.
>
> [1] https://mailarchive.ietf.org/arch/msg/art/ZuX1_G6rLsuoH04JNjJuD2rQ318/
> [2] https://datatracker.ietf.org/doc/draft-diaz-lzip/
>
>
> Thanks,
> Antonio Diaz.
>
> _______________________________________________
> art mailing list
> art@ietf.org
> https://www.ietf.org/mailman/listinfo/art
>


-- 
Edward Vielmetti +1 734 330 2465
edward.vielmetti@gmail.com

v2.23.0 | Report a Bug | By Email