IETF Logo Mail Archive

[idn] Re: stringprep: PRI #29

Simon Josefsson <jas@extundo.com> Sun, 20 March 2005 21:17 UTC

Received: from psg.com (mailnull@psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA23271 for <idn-archive@lists.ietf.org>; Sun, 20 Mar 2005 16:17:48 -0500 (EST)
Received: from majordom by psg.com with local (Exim 4.44 (FreeBSD)) id 1DD7jc-000OIv-Ie for idn-data@psg.com; Sun, 20 Mar 2005 21:13:20 +0000
Received: from [217.13.230.178] (helo=yxa.extundo.com) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.44 (FreeBSD)) id 1DD7ja-000OIE-0w for idn@ops.ietf.org; Sun, 20 Mar 2005 21:13:18 +0000
Received: from latte.josefsson.org (c494102a.s-bi.bostream.se [217.215.27.65]) (authenticated bits=0) by yxa.extundo.com (8.13.3/8.13.3/Debian-6) with ESMTP id j2KLD6Kh031188 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Sun, 20 Mar 2005 22:13:09 +0100
From: Simon Josefsson <jas@extundo.com>
To: Erik van der Poel <erik@vanderpoel.org>
Cc: idn@ops.ietf.org
Subject: [idn] Re: stringprep: PRI #29
References: <42322CE2.4040509@vanderpoel.org> <4232B2FD.1080104@vanderpoel.org> <4232BA56.5090001@vanderpoel.org> <iluk6odazwb.fsf@latte.josefsson.org> <00e801c528a8$99ad37d0$72703009@sanjose.ibm.com> <ilull8qb5n5.fsf@latte.josefsson.org> <42367B63.6080300@vanderpoel.org> <4237450A.9010901@v.loewis.de> <423754F3.50405@vanderpoel.org> <ilumzt47ezc.fsf@latte.josefsson.org> <20050316091126.GA24254~@nicemice.net> <iluzmx36h6t.fsf@latte.josefsson.org> <423CD9DC.5080401@vanderpoel.org> <ilur7iaycuj.fsf@latte.josefsson.org> <423DB883.1020408@vanderpoel.org>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
Blog: http://www.livejournal.com/users/jas4711/
X-Hashcash: 1:21:050320:idn@ops.ietf.org::PNP5IcTx4SIAEq8Z:3YBg
X-Hashcash: 1:21:050320:erik@vanderpoel.org::BxrFa9+POEYju/hQ:4hnA
Date: Sun, 20 Mar 2005 22:12:45 +0100
In-Reply-To: <423DB883.1020408@vanderpoel.org> (Erik van der Poel's message of "Sun, 20 Mar 2005 09:53:07 -0800")
Message-ID: <iluis3mxbqq.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Virus-Scanned: ClamAV version 0.83, clamav-milter version 0.83 on yxa.extundo.com
X-Virus-Status: Clean
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on psg.com
X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.0.1
Sender: owner-idn@ops.ietf.org
Precedence: bulk

Erik van der Poel <erik@vanderpoel.org> writes:

>> My SASL implementation reject the
>> PR-29 sequences, as will my Kerberos implementation, and I suggest
>> that everyone implement similar precautions.
>
> I haven't been involved with this issue for very long. Would you say 
> that a lot of the implementors have already heard of your approach, and 
> that they are either using the same approach or considering it?

I haven't seen much evidence of that.  The SASL and Kerberos specs
that use StringPrep haven't been published yet.  Few, if any,
implementors are speaking about this issue in those WG's.  Presumably
the specs are pushed out before the ideas have been implemented and
tested in practice.

>> Until this problem is addressed in an update of RFC 3454, rejecting
>> the problem sequences appear to be the most conservative approach to
>> me.  What would you propose to do instead?
>
> Well, my feeling is that it will take too long to publish a new version 
> of the Stringprep RFC, and that implementors should get together to try 
> to reach a rough consensus and make changes before the new RFC is 
> published. PRI #29 has been published, with a fair amount of info for 
> the implementors to make a decision.

I think it may be better to try and reach that consensus within the
IETF.  The expertise on this are supposed to be here.

>> The problem sequences doesn't normally occur in the wild, at least
>> that is what PR-29 says, so it is unlikely to ever be a practical
>> problem.  It remains a security concern though, and that concern won't
>> go away until the spec's are updated, regardless of what I do in my
>> implementation.
>
> Why would a mere spec update make the concern go away? Didn't you say 
> that the differing implementations were the concern?

Right.  I was assuming implementors will implement a sanely updated
spec, and that this in combination would solve the problem.

>> This isn't up to individual implementors.  RFC 3454 need to be updated
>> to address the problem.  Everyone can submit their own update of RFC
>> 3454 to the IETF and advocate for their proposal.  I don't care
>> strongly which solution is chosen, if there is a good migration plan
>> to the new idea.  Meanwhile, implementors will route around the damage
>> and pick their own solutions.
>
> OK, let's suppose just for the moment, that we decide to have Stringprep 
> point to version 24 or higher of UAX #15. Can you think of a migration 
> plan that would satisfy ultra-conservative implementors like yourself?

The spec could suggest that all problem sequences are to be rejected.

> Or, if you wish, suppose that we do _not_ have Stringprep point to a 
> newer version of UAX #15. Can you think of a good migration plan for 
> that? (Given that some implementations implement UAX #15 differently.)

Here too, the spec could suggest to reject all problem sequences.  The
NFKC implementations could continue to work as the Unicode 3.2
algorithm description suggest, but since the problem sequences are
rejected, you wouldn't notice the difference in practice.

Assuming PR#29 is correct on that these strings doesn't occur
naturally, rejecting them doesn't appear to have any interoperability
consequences.

Regards,
Simon

v2.23.0 | Report a Bug | By Email