IETF Logo Mail Archive

Re: [media-types] Update of MIME media type application/pkcs7-mime Registration

Alexey Melnikov <alexey.melnikov@isode.com> Fri, 14 June 2013 10:01 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: media-types@ietfa.amsl.com
Delivered-To: media-types@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88FC821F9C2F for <media-types@ietfa.amsl.com>; Fri, 14 Jun 2013 03:01:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.885
X-Spam-Level:
X-Spam-Status: No, score=-101.885 tagged_above=-999 required=5 tests=[AWL=-0.682, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HtyYwhO57+4o for <media-types@ietfa.amsl.com>; Fri, 14 Jun 2013 03:01:01 -0700 (PDT)
Received: from pechora4.lax.icann.org (pechora4.icann.org [IPv6:2620:0:2d0:201::1:74]) by ietfa.amsl.com (Postfix) with ESMTP id C294821F9BFD for <media-types@ietf.org>; Fri, 14 Jun 2013 03:01:01 -0700 (PDT)
Received: from waldorf.isode.com (cl-125.lon-03.gb.sixxs.net [IPv6:2a00:14f0:e000:7c::2]) by pechora4.lax.icann.org (8.13.8/8.13.8) with ESMTP id r5EA0djm022430 for <media-types@iana.org>; Fri, 14 Jun 2013 10:01:00 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1371204036; d=isode.com; s=selector; i=@isode.com; bh=ETuhINzbOyjGw3qeZqaXxKo73AewcXbHJ5wuME0BIr8=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=ibrc1Onx/SVOo9qG8A17X5QxAhw3+WtxQX//B9q9Ra3t7R8VFHdkoXL9CA3uEFowaX2fu6 DV1j+E3crU3kRQU1HcDqFEB1sPZI5IlItGFDSpwTO7OT5aCP7XEOtj/Dh6OZaS9X3zRJwx o4p67UY4UNsIz+Y3GhzIvHb1+6a8wX0=;
Received: from [172.17.128.24] (richard.isode.com [62.3.217.249]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <UbrpxABjMzS-@waldorf.isode.com>; Fri, 14 Jun 2013 11:00:36 +0100
References: <51B5E98A.50404@ieca.com> <fd8jr8hcb2e2ls0cporhg27io571n5fb5m@hive.bjoern.hoehrmann.de> <51B9C058.9060803@ieca.com> <51B9D49D.5000502@isode.com> <51B9D656.1050401@ieca.com> <51B9DB28.5090204@ieca.com>
In-Reply-To: <51B9DB28.5090204@ieca.com>
Message-Id: <1D55B1F2-C803-4EA4-94D1-4CE08ECCB54B@isode.com>
X-Mailer: iPad Mail (9B206)
From: Alexey Melnikov <alexey.melnikov@isode.com>
Date: Fri, 14 Jun 2013 11:05:07 +0100
To: Sean Turner <turners@ieca.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.0 (pechora4.lax.icann.org [IPv6:2620:0:2d0:201::1:74]); Fri, 14 Jun 2013 10:01:01 +0000 (UTC)
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, "media-types@iana.org" <media-types@iana.org>, "draft-ietf-pkix-est.all@tools.ietf.org" <draft-ietf-pkix-est.all@tools.ietf.org>, "app-ads@tools.ietf.org" <app-ads@tools.ietf.org>
Subject: Re: [media-types] Update of MIME media type application/pkcs7-mime Registration
X-BeenThere: media-types@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IANA mailing list for reviewing Media Type \(MIME Type, Content Type\) registration requests." <media-types.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/media-types>, <mailto:media-types-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/media-types>
List-Post: <mailto:media-types@ietf.org>
List-Help: <mailto:media-types-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/media-types>, <mailto:media-types-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2013 10:01:02 -0000

On 13 Jun 2013, at 15:46, Sean Turner <turners@ieca.com> wrote:

> On 6/13/13 10:25 AM, Sean Turner wrote:
>> On 6/13/13 10:18 AM, Alexey Melnikov wrote:
>>> On 13/06/2013 13:51, Sean Turner wrote:
>>>> On 6/13/13 6:47 AM, Bjoern Hoehrmann wrote:
>>>>> * Sean Turner wrote:
>>>>>> The application/pkcs7-mime content type defines the optional "smime-
>>>>>> type" parameter [RFC5751].  The smime-type parameter for Server-side
>>>>>> Key Generation Response is server-generated-key.
>>>>>> 
>>>>>> smime-type name: server-generated-key
>>>>>> 
>>>>>> Required parameters: None
>>>>> 
>>>>> This should be preceded by
>>>>> 
>>>>>   Type name: application
>>>>> 
>>>>>   Subtype name: pkcs7-mime
>>>>> 
>>>>> If this is supposed to register the application/pkcs7-mime type. But it
>>>>> seems to me that using the media type registration template here is not
>>>>> correct, I would rather expect "Updates: 5751" and then simply defining
>>>>> the additional smime-type parameter, no need for the template.
>>>> 
>>>> It's not registering application/pkcs7-mime is adding a parameter. If
>>>> I understand correctly, if we added "Updates: 5751 (once approved)" to
>>>> the header we could just omit the template completely?  I'd argue that
>>>> if we don't need the template that's great, but what's more important
>>>> is that people be able to find these subtypes and the way to do that
>>>> is to have them pointed to by the registry not the original document.
>>>> How about if we just omit the template and ask IANA to *also* point to
>>>> this document from the application/pkcs7-mime registry?
>>> Sounds sensible to me. (But also see my other email).
>> 
>> Other email is about using +der and adding some generic considerations
>> about parsers.  I'll have to go check on the +der bit with some folks
>> but the other suggestion seems very reasonable.
> 
> I don't think we can put +der at the end of this because the others don't include it.

There is no backward compatibility issue here, so I don't understand your argument.
The +suffix convention is a relatively new, but I think it should e used for all new registrations that match existing suffixes.

>  But on the security considerations how about the following:
> 
> ASN.1 encoding rules (e.g., DER and BER) have a type-length-value structure, and it is easy to construct malicious content with invalid length fields that can cause buffer overrun conditions. ASN.1 encoding rules allows for arbitrary levels of nesting, which may make it possible to construct malicious content that will cause a stack overflow. Interpreters of ASN.1 structures should be aware of these issues and should take appropriate measures to guard against buffer overflows and stack overruns in particular and malicious content in general.

Works for me.

v2.23.0 | Report a Bug | By Email