IETF Logo Mail Archive

Re: [media-types] Update of MIME media type application/pkcs7-mime Registration

Sean Turner <turners@ieca.com> Thu, 13 June 2013 20:03 UTC

Return-Path: <turners@ieca.com>
X-Original-To: media-types@ietfa.amsl.com
Delivered-To: media-types@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1AB9821F99A4 for <media-types@ietfa.amsl.com>; Thu, 13 Jun 2013 13:03:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.148
X-Spam-Level:
X-Spam-Status: No, score=-102.148 tagged_above=-999 required=5 tests=[AWL=0.073, BAYES_00=-2.599, DATE_IN_PAST_03_06=0.044, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bQOsBuAshLlg for <media-types@ietfa.amsl.com>; Thu, 13 Jun 2013 13:03:20 -0700 (PDT)
Received: from pechora3.lax.icann.org (pechora3.icann.org [IPv6:2620:0:2d0:201::1:73]) by ietfa.amsl.com (Postfix) with ESMTP id 4812121F99A3 for <media-types@ietf.org>; Thu, 13 Jun 2013 13:03:19 -0700 (PDT)
Received: from gateway16.websitewelcome.com (gateway16.websitewelcome.com [69.93.164.21]) by pechora3.lax.icann.org (8.13.8/8.13.8) with ESMTP id r5DK2xcE011255 for <media-types@iana.org>; Thu, 13 Jun 2013 20:03:19 GMT
Received: by gateway16.websitewelcome.com (Postfix, from userid 5007) id D7A7857D9A193; Thu, 13 Jun 2013 14:34:00 -0500 (CDT)
Received: from gator1743.hostgator.com (gator1743.hostgator.com [184.173.253.227]) by gateway16.websitewelcome.com (Postfix) with ESMTP id C404E57D9A13A for <media-types@iana.org>; Thu, 13 Jun 2013 14:34:00 -0500 (CDT)
Received: from [173.73.135.101] (port=59426 helo=thunderfish.local) by gator1743.hostgator.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80) (envelope-from <turners@ieca.com>) id 1UnDHr-0005E9-Tj; Thu, 13 Jun 2013 14:34:24 -0500
Message-ID: <51B9DB28.5090204@ieca.com>
Date: Thu, 13 Jun 2013 10:46:00 -0400
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: Alexey Melnikov <alexey.melnikov@isode.com>
References: <51B5E98A.50404@ieca.com> <fd8jr8hcb2e2ls0cporhg27io571n5fb5m@hive.bjoern.hoehrmann.de> <51B9C058.9060803@ieca.com> <51B9D49D.5000502@isode.com> <51B9D656.1050401@ieca.com>
In-Reply-To: <51B9D656.1050401@ieca.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator1743.hostgator.com
X-AntiAbuse: Original Domain - iana.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ieca.com
X-BWhitelist: no
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (thunderfish.local) [173.73.135.101]:59426
X-Source-Auth: sean.turner@ieca.com
X-Email-Count: 7
X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IxNzQzLmhvc3RnYXRvci5jb20=
X-Greylist: Delayed for 00:28:14 by milter-greylist-4.0 (pechora3.lax.icann.org [192.0.33.73]); Thu, 13 Jun 2013 20:03:19 +0000 (UTC)
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, media-types@iana.org, draft-ietf-pkix-est.all@tools.ietf.org, app-ads@tools.ietf.org
Subject: Re: [media-types] Update of MIME media type application/pkcs7-mime Registration
X-BeenThere: media-types@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IANA mailing list for reviewing Media Type \(MIME Type, Content Type\) registration requests." <media-types.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/media-types>, <mailto:media-types-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/media-types>
List-Post: <mailto:media-types@ietf.org>
List-Help: <mailto:media-types-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/media-types>, <mailto:media-types-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jun 2013 20:03:27 -0000

On 6/13/13 10:25 AM, Sean Turner wrote:
> On 6/13/13 10:18 AM, Alexey Melnikov wrote:
>> On 13/06/2013 13:51, Sean Turner wrote:
>>> On 6/13/13 6:47 AM, Bjoern Hoehrmann wrote:
>>>> * Sean Turner wrote:
>>>>> The application/pkcs7-mime content type defines the optional "smime-
>>>>> type" parameter [RFC5751].  The smime-type parameter for Server-side
>>>>> Key Generation Response is server-generated-key.
>>>>>
>>>>> smime-type name: server-generated-key
>>>>>
>>>>> Required parameters: None
>>>>
>>>> This should be preceded by
>>>>
>>>>    Type name: application
>>>>
>>>>    Subtype name: pkcs7-mime
>>>>
>>>> If this is supposed to register the application/pkcs7-mime type. But it
>>>> seems to me that using the media type registration template here is not
>>>> correct, I would rather expect "Updates: 5751" and then simply defining
>>>> the additional smime-type parameter, no need for the template.
>>>
>>> It's not registering application/pkcs7-mime is adding a parameter. If
>>> I understand correctly, if we added "Updates: 5751 (once approved)" to
>>> the header we could just omit the template completely?  I'd argue that
>>> if we don't need the template that's great, but what's more important
>>> is that people be able to find these subtypes and the way to do that
>>> is to have them pointed to by the registry not the original document.
>>> How about if we just omit the template and ask IANA to *also* point to
>>> this document from the application/pkcs7-mime registry?
>> Sounds sensible to me. (But also see my other email).
>
> Other email is about using +der and adding some generic considerations
> about parsers.  I'll have to go check on the +der bit with some folks
> but the other suggestion seems very reasonable.

I don't think we can put +der at the end of this because the others 
don't include it.  But on the security considerations how about the 
following:

ASN.1 encoding rules (e.g., DER and BER) have a type-length-value 
structure, and it is easy to construct malicious content with invalid 
length fields that can cause buffer overrun conditions. ASN.1 encoding 
rules allows for arbitrary levels of nesting, which may make it possible 
to construct malicious content that will cause a stack overflow. 
Interpreters of ASN.1 structures should be aware of these issues and 
should take appropriate measures to guard against buffer overflows and 
stack overruns in particular and malicious content in general.

spt

v2.23.0 | Report a Bug | By Email