Re: [Cellar] Security considerations: recursive elements

Reto Kromer <lists@reto.ch> Thu, 18 January 2018 08:24 UTC

Date: Thu, 18 Jan 2018 09:24:30 +0100
From: Reto Kromer <lists@reto.ch>
To: cellar@ietf.org
In-Reply-To: <082fb94e-75ed-bb3f-462d-c56a347af693@mediaarea.net>
Message-ID: <r470Ps-10116i-3ABCD62B1357486F868D3DB41D62F97E@castor.home>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cellar/3m_XN4qACLxBTNSiuQk4stL_FfU>
Subject: Re: [Cellar] Security considerations: recursive elements
List-Id: Codec Encoding for LossLess Archiving and Realtime transmission <cellar.ietf.org>

Jerome Martinez wrote:

>"An implementation may set limits on the maximum depth of
>nesting" in a parser section (similar to JSON RFC).

I agree, this is up to the single implementations.

>- A minimum depends on the goal of the parser, 

I strongly agree!

Best regards, Reto