Re: [media-types] Update of MIME media type application/pkcs7-mime Registration
Henrik Andersson <henke@henke37.cjb.net> Thu, 13 June 2013 20:54 UTC
Return-Path: <henke@henke37.cjb.net>
X-Original-To: media-types@ietfa.amsl.com
Delivered-To: media-types@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B882421F99C2 for <media-types@ietfa.amsl.com>; Thu, 13 Jun 2013 13:54:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fqEvOfMPpfWc for <media-types@ietfa.amsl.com>; Thu, 13 Jun 2013 13:54:39 -0700 (PDT)
Received: from pechora1.lax.icann.org (unknown [IPv6:2620:0:2d0:201::1:71]) by ietfa.amsl.com (Postfix) with ESMTP id 2045121F91BC for <media-types@ietf.org>; Thu, 13 Jun 2013 13:54:38 -0700 (PDT)
Received: from smtp-out12.han.skanova.net (smtp-out12.han.skanova.net [195.67.226.212]) by pechora1.lax.icann.org (8.13.8/8.13.8) with ESMTP id r5DKsHMK000576 for <media-types@iana.org>; Thu, 13 Jun 2013 20:54:38 GMT
Received: from [127.0.0.1] (90.230.202.243) by smtp-out12.han.skanova.net (8.5.133) (authenticated as u57601879) id 51B4DDE700141429; Thu, 13 Jun 2013 22:54:10 +0200
Message-ID: <51BA316C.6040803@henke37.cjb.net>
Date: Thu, 13 Jun 2013 22:54:04 +0200
From: Henrik Andersson <henke@henke37.cjb.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0 SeaMonkey/2.17.1
MIME-Version: 1.0
To: Sean Turner <turners@ieca.com>, Alexey Melnikov <alexey.melnikov@isode.com>
References: <51B5E98A.50404@ieca.com> <fd8jr8hcb2e2ls0cporhg27io571n5fb5m@hive.bjoern.hoehrmann.de> <51B9C058.9060803@ieca.com> <51B9D49D.5000502@isode.com> <51B9D656.1050401@ieca.com> <51B9DB28.5090204@ieca.com>
In-Reply-To: <51B9DB28.5090204@ieca.com>
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 130613-0, 2013-06-13), Outbound message
X-Antivirus-Status: Clean
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.0 (pechora1.lax.icann.org [192.0.33.71]); Thu, 13 Jun 2013 20:54:38 +0000 (UTC)
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, media-types@iana.org, draft-ietf-pkix-est.all@tools.ietf.org, app-ads@tools.ietf.org
Subject: Re: [media-types] Update of MIME media type application/pkcs7-mime Registration
X-BeenThere: media-types@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IANA mailing list for reviewing Media Type \(MIME Type, Content Type\) registration requests." <media-types.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/media-types>, <mailto:media-types-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/media-types>
List-Post: <mailto:media-types@ietf.org>
List-Help: <mailto:media-types-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/media-types>, <mailto:media-types-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jun 2013 20:54:45 -0000
Sean Turner skriver: > > ASN.1 encoding rules (e.g., DER and BER) have a type-length-value > structure, and it is easy to construct malicious content with invalid > length fields that can cause buffer overrun conditions. ASN.1 encoding > rules allows for arbitrary levels of nesting, which may make it possible > to construct malicious content that will cause a stack overflow. > Interpreters of ASN.1 structures should be aware of these issues and > should take appropriate measures to guard against buffer overflows and > stack overruns in particular and malicious content in general. > Lots of formats have explicit length fields and nested structures. Parsers are expected to know how to deal with malformed data of this type. I don't think a warning of this kind is necessary, because if it was then pretty much all formats requiring binary transfer considerations (and then some!) would need it.
- [media-types] Update of MIME media type applicati… Sean Turner
- Re: [media-types] Update of MIME media type appli… Bjoern Hoehrmann
- Re: [media-types] Update of MIME media type appli… Sean Turner
- Re: [media-types] Update of MIME media type appli… Alexey Melnikov
- Re: [media-types] Update of MIME media type appli… Alexey Melnikov
- Re: [media-types] Update of MIME media type appli… Sean Turner
- Re: [media-types] Update of MIME media type appli… Sean Turner
- Re: [media-types] Update of MIME media type appli… Henrik Andersson
- Re: [media-types] Update of MIME media type appli… Alexey Melnikov
- Re: [media-types] Update of MIME media type appli… Alexey Melnikov
- Re: [media-types] Update of MIME media type appli… Sean Turner
- Re: [media-types] Update of MIME media type appli… Sean Turner
- Re: [media-types] Update of MIME media type appli… Alexey Melnikov
- Re: [media-types] Update of MIME media type appli… Sean Turner