Re: [media-types] Update of MIME media type application/pkcs7-mime Registration

Alexey Melnikov <alexey.melnikov@isode.com> Fri, 14 June 2013 09:58 UTC

From: Alexey Melnikov <alexey.melnikov@isode.com>
Date: Fri, 14 Jun 2013 11:02:31 +0100
To: Henrik Andersson <henke@henke37.cjb.net>
Cc: Sean Turner <turners@ieca.com>, Bjoern Hoehrmann <derhoermi@gmx.net>, "media-types@iana.org" <media-types@iana.org>, "draft-ietf-pkix-est.all@tools.ietf.org" <draft-ietf-pkix-est.all@tools.ietf.org>, "app-ads@tools.ietf.org" <app-ads@tools.ietf.org>

On 13 Jun 2013, at 21:54, Henrik Andersson <henke@henke37.cjb.net> wrote:

> Sean Turner writes:
>> 
>> ASN.1 encoding rules (e.g., DER and BER) have a type-length-value
>> structure, and it is easy to construct malicious content with invalid
>> length fields that can cause buffer overrun conditions. ASN.1 encoding
>> rules allow for arbitrary levels of nesting, which may make it possible
>> to construct malicious content that will cause a stack overflow.
>> Interpreters of ASN.1 structures should be aware of these issues and
>> should take appropriate measures to guard against buffer overflows and
>> stack overruns in particular and malicious content in general.
>> 
> 
> Lots of formats have explicit length fields and nested structures.
> Parsers are expected to know how to deal with malformed data of this type.
> 
> I don't think a warning of this kind is necessary, because if it was
> then pretty much all formats requiring binary transfer considerations
> (and then some!) would need it.

More information is better, IMHO. At least calling out that this is DER/BER based would be a good idea.
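
What the length and nesting checks called for in the quoted security considerations text can look like, as an added example that is not part of the thread or of any registration text: a C walker over DER-style TLVs. The depth limit of 16, the error codes and the sample byte strings are assumptions constructed for illustration; multi-byte tags and BER indefinite lengths are rejected rather than parsed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_DEPTH 16  /* assumed nesting limit, not taken from the thread */
enum { TLV_OK = 0, TLV_TRUNCATED = -1, TLV_BAD_LENGTH = -2, TLV_TOO_DEEP = -3, TLV_UNSUPPORTED = -4 };
/* Constructed samples: valid SEQUENCE { INTEGER 5 }, oversized inner length, oversized long-form length. */
static const uint8_t ok_der[]   = { 0x30, 0x03, 0x02, 0x01, 0x05 };
static const uint8_t bad_len[]  = { 0x30, 0x03, 0x02, 0x7f, 0x05 };
static const uint8_t huge_len[] = { 0x04, 0x84, 0xff, 0xff, 0xff, 0xff };

/* Walk every TLV in buf[0..len) without touching bytes outside it. */
static int tlv_check(const uint8_t *buf, size_t len, unsigned depth)
{
    size_t pos = 0;
    if (depth > MAX_DEPTH)
        return TLV_TOO_DEEP;             /* bounds recursion, so stack use is capped */
    while (pos < len) {
        uint8_t tag = buf[pos++];
        if ((tag & 0x1f) == 0x1f)
            return TLV_UNSUPPORTED;      /* multi-byte tags are out of scope here */
        if (pos >= len)
            return TLV_TRUNCATED;
        size_t vlen = buf[pos++];
        if (vlen == 0x80)
            return TLV_BAD_LENGTH;       /* indefinite length (BER only) is rejected */
        if (vlen & 0x80) {               /* long form: low 7 bits count length octets */
            size_t n = vlen & 0x7f;
            if (n > sizeof(size_t) || n > len - pos)
                return TLV_BAD_LENGTH;
            for (vlen = 0; n > 0; n--)
                vlen = (vlen << 8) | buf[pos++];
        }
        if (vlen > len - pos)            /* compare to bytes left; pos + vlen could wrap */
            return TLV_BAD_LENGTH;
        if (tag & 0x20) {                /* constructed: contents are TLVs themselves */
            int rc = tlv_check(buf + pos, vlen, depth + 1);
            if (rc != TLV_OK)
                return rc;
        }
        pos += vlen;
    }
    return TLV_OK;
}

int main(void)
{
    printf("%d %d %d\n", tlv_check(ok_der, sizeof ok_der, 0),
           tlv_check(bad_len, sizeof bad_len, 0), tlv_check(huge_len, sizeof huge_len, 0));
    return 0;
}
```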