IETF Logo Mail Archive

Re: [EAI] I-D Action: draft-ietf-eai-rfc5335bis-11.txt

John C Klensin <klensin@jck.com> Tue, 26 July 2011 12:03 UTC

Return-Path: <klensin@jck.com>
X-Original-To: ima@ietfa.amsl.com
Delivered-To: ima@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A299621F8AD9 for <ima@ietfa.amsl.com>; Tue, 26 Jul 2011 05:03:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.661
X-Spam-Level:
X-Spam-Status: No, score=-2.661 tagged_above=-999 required=5 tests=[AWL=-0.062, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LqxRKPSZbk1O for <ima@ietfa.amsl.com>; Tue, 26 Jul 2011 05:03:40 -0700 (PDT)
Received: from bs.jck.com (ns.jck.com [209.187.148.211]) by ietfa.amsl.com (Postfix) with ESMTP id 015A521F8AD6 for <ima@ietf.org>; Tue, 26 Jul 2011 05:03:39 -0700 (PDT)
Received: from [127.0.0.1] (helo=localhost) by bs.jck.com with esmtp (Exim 4.34) id 1QlgMF-00040u-Md; Tue, 26 Jul 2011 08:03:31 -0400
Date: Tue, 26 Jul 2011 08:03:28 -0400
From: John C Klensin <klensin@jck.com>
To: dcrocker@bbiw.net, ned+ima@mrochek.com
Message-ID: <13981F8F92EEA278CEF5C9DA@JCK-EEE10>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Cc: ima@ietf.org
Subject: Re: [EAI] I-D Action: draft-ietf-eai-rfc5335bis-11.txt
X-BeenThere: ima@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "EAI \(Email Address Internationalization\)" <ima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ima>, <mailto:ima-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ima>
List-Post: <mailto:ima@ietf.org>
List-Help: <mailto:ima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ima>, <mailto:ima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jul 2011 12:03:40 -0000

--On Tuesday, 26 July, 2011 07:12 -0400 Dave CROCKER
<dhc2@dcrocker.net> wrote:

>> The 78 character limit remains defined in terms of
>> characters, not octets, since
>> it is intended to address display width issues, not line
>> length issues. </t>
> 
> I'll ask a "due diligence" question:
> 
>     Are we certain that this long-standing 78-character limit
> has not produced hard buffering limits in software that really
> make it an installed base of 78-octets?

Dave, I've seen far more MUAs in recent years that pay no
attention to the 78 character limit then I have ones that, e.g.,
build fragile buffers around it.   Indeed, any contemporary MUA
that supports "flowed", binary (BDAT) input,  or a few other
things already has to be adequately careful about that.   

However, the question is reasonable.  I'd think a reasonable
response might be to add a comment in the Security
Considerations section to the effect that the use of UTF-8 --and
hence inherently variable-length strings that might turn out to
be longer than one might naively expect-- calls for caution
about buffer sizes and overflows.  That would cover not only
this case but a number of others in which software might
reasonably buffer subfields.   For example, A-label to U-label
conversion can produce either longer or shorter U-label  strings
than the A-label original and only the latter is constrained by
the DNS limit on label length.

I note that this issue is not covered in the Security
Considerations section of RFC 3629.

   john

v2.23.0 | Report a Bug | By Email