Re: [P2PSIP] Enrollment server handling base64 encoded csr parameter

Marc Petit-Huguenin <petithug@acm.org> Fri, 21 June 2013 17:51 UTC

Message-ID: <51C49297.5010407@acm.org>
Date: Fri, 21 Jun 2013 10:51:19 -0700
From: Marc Petit-Huguenin <petithug@acm.org>
To: Michael Chen <michaelc@idssoftware.com>
References: <20130621100813.59ca11a9ba9389561a029f06442e67fa.e623a2cc5a.mailapi@email03.secureserver.net>
In-Reply-To: <20130621100813.59ca11a9ba9389561a029f06442e67fa.e623a2cc5a.mailapi@email03.secureserver.net>
Cc: p2psip@ietf.org
Subject: Re: [P2PSIP] Enrollment server handling base64 encoded csr parameter

Hi Michael,

On 06/21/2013 10:08 AM, Michael Chen wrote:
> Hi Marc,
> 
> A bug in my program sent the following multi-part header followed by the
> pkcs10 DER binary, but your server ignored the transfer encoding header and
> processed the csr:
> 
> --0xD2454C4F
> Content-Disposition: form-data; name="csr"
> Content-Type: application/pkcs10
> Content-Transfer-Encoding: base64
> 
> <CSR DER binary>
> 
> --0xD2454C4F
> 
> RFC2311 (referenced in section 11.3 of p2psip-base) does describe the use
> of base64 encoded application/pkcs10 content type (3.7.2). The p2psip-base
> draft should either endorse or explicitly exclude the base64 encoding
> stated in RFC2311.
> 

Hmm, RFC 2616 states in section 19.4.5:

   HTTP does not use the Content-Transfer-Encoding (CTE) field of RFC
   2045. Proxies and gateways from MIME-compliant protocols to HTTP MUST
   remove any non-identity CTE ("quoted-printable" or "base64") encoding
   prior to delivering the response message to an HTTP client.

On the other hand RFC 2388 has an example using CTE:

    --AaB03x
    content-disposition: form-data; name="field1"
    content-type: text/plain;charset=windows-1250
    content-transfer-encoding: quoted-printable

    Joe owes =80100.
    --AaB03x

Perhaps what RFC 2616 meant was that CTE cannot be used as a header, but can
be used as a MIME parameter.  But as HTTP never had any 7bit/8bit issues, I
doubt it.

For the sake of interoperability, I filed a bug to add support for CTE in
form-data in my server.

-- 
Marc Petit-Huguenin
Email: marc@petit-huguenin.org
Blog: http://blog.marc.petit-huguenin.org
Profile: http://www.linkedin.com/in/petithug
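As an added example (not code from Marc's enrollment server or from the draft), here is a minimal multipart/form-data parser that honours a per-part Content-Transfer-Encoding of base64, which is the behaviour the bug Marc filed would add; it reuses the boundary from Michael's request, and the CSR bytes are a constructed stand-in, not a real PKCS#10 request.

```python
import base64
import re

# Constructed stand-in for a DER-encoded PKCS#10 request: an ASN.1 SEQUENCE
# holding INTEGER 5. It is not a real CSR; it only has to look like DER.
FAKE_CSR_DER = b"\x30\x03\x02\x01\x05"
BOUNDARY = "0xD2454C4F"  # the boundary from Michael's request


def build_form_data(name: str, content: bytes, cte: str = "binary") -> bytes:
    """Build a one-part multipart/form-data body, base64-encoding it if asked."""
    headers = [f'Content-Disposition: form-data; name="{name}"',
               "Content-Type: application/pkcs10"]
    if cte == "base64":
        headers.append("Content-Transfer-Encoding: base64")
        content = base64.encodebytes(content)  # line-wrapped, as MIME agents emit it
    delim = b"--" + BOUNDARY.encode("ascii")
    head = "\r\n".join(headers).encode("ascii")
    return delim + b"\r\n" + head + b"\r\n\r\n" + content + b"\r\n" + delim + b"--\r\n"


def parse_form_data(body: bytes, boundary: str) -> dict:
    """Split a multipart/form-data body into {field name: bytes}, honouring CTE."""
    delim = b"\r\n--" + boundary.encode("ascii")
    fields = {}
    # A CRLF is prepended so the first delimiter splits like every later one.
    for seg in (b"\r\n" + body).split(delim)[1:]:
        if seg.startswith(b"--"):
            break  # "--boundary--" closes the body
        head, sep, content = seg[2:].partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("part has no blank line between headers and content")
        headers = {}
        for line in head.decode("ascii").split("\r\n"):
            key, _, value = line.partition(":")
            headers[key.strip().lower()] = value.strip()
        match = re.search(r'name="([^"]*)"', headers.get("content-disposition", ""))
        if not match:
            raise ValueError("form-data part without a name")
        cte = headers.get("content-transfer-encoding", "binary").lower()
        if cte == "base64":
            # Strip the line wrapping, then decode strictly so junk is rejected.
            content = base64.b64decode(b"".join(content.split()), validate=True)
        elif cte not in ("binary", "7bit", "8bit"):
            raise ValueError(f"unsupported Content-Transfer-Encoding: {cte}")
        fields[match.group(1)] = content
    return fields


def looks_like_der(data: bytes) -> bool:
    """Cheap sanity check: a DER PKCS#10 request starts with a SEQUENCE tag (0x30)."""
    return len(data) > 1 and data[0] == 0x30
```

A server that ignores the CTE header would hand the base64 text straight to its DER parser, which `looks_like_der` flags, whereas decoding first recovers the original bytes for both the base64 and the binary part.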