Re: [regext] AD review of draft-ietf-regext-unhandled-namespaces-06

"Gould, James" <jgould@verisign.com> Tue, 26 January 2021 19:07 UTC

From: "Gould, James" <jgould@verisign.com>
To: "barryleiba@computer.org" <barryleiba@computer.org>
CC: "draft-ietf-regext-unhandled-namespaces.all@ietf.org" <draft-ietf-regext-unhandled-namespaces.all@ietf.org>, "regext@ietf.org" <regext@ietf.org>
Date: Tue, 26 Jan 2021 19:06:58 +0000
Message-ID: <F441E05E-745D-47E6-9F5B-2B6518E1757F@verisign.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/2KGxBHq9J0p3-MM6EMG2epAyfNo>
Subject: Re: [regext] AD review of draft-ietf-regext-unhandled-namespaces-06

Barry,

Done, draft-ietf-regext-unhandled-namespaces-07 has been posted.  Let us know if you have any additional feedback.

Thanks,

-- 
 
JG



James Gould
Fellow Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com <http://verisigninc.com/>

On 1/26/21, 1:47 PM, "Barry Leiba" <barryleiba@computer.org> wrote:


    All good, and thanks.  Go ahead and post a revised I-D when you're ready.


    >>     The answer to all of that might be “no”, but it would be good to… as
    >>     we used to say in school, show your work.
    >
    > Yes, the quick answer is that I don't see the server using this as a
    > source for an attack, but we can add a consideration to help mitigate
    > it.  I can add the sentence "Since the unhandled namespace context is
    > XML that is not processed in the first pass by the XML parser, the
    > client SHOULD consider validating the XML when the content is
    > processed to protect against the inclusion of malicious content."  The
    > content is not processed by a client that doesn't support the service,
    > where the <extValue> element provides a signal of the lack of client
    > support along with the XML content that is initially unprocessed.  If
    > the client does decide to process the XML content systematically, the
    > additional sentence can provide guidance to not open up a security
    > hole.  Do you believe this will help?  Do you have any additional
    > recommended text?

    I have nothing further to recommend, and I do think it will help -- if
    at least to show that it was thought about, and that the "nothing new
    here" statement isn't just perfunctory.  Thanks.

    Barry
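
The proposed security consideration quoted above, illustrated with an added example that is not part of the thread or the draft: a client that later decides to process the XML carried in `<extValue>` vets it first instead of trusting it because the first parse succeeded. The checks here are structural (DTD refusal, namespace allowlist, no foreign-namespace elements) and would precede validation against the extension's schema. Assumptions: `KNOWN_NS`, `MAX_ELEMENTS`, the function names and the sample response are constructed, and the `<reason>` text "NAMESPACE-URI not in login services" is taken from the draft rather than from this message.

```python
import xml.etree.ElementTree as ET

EPP = "urn:ietf:params:xml:ns:epp-1.0"
DOMAIN = "urn:ietf:params:xml:ns:domain-1.0"
KNOWN_NS = {DOMAIN}      # assumption: namespaces this client can validate
MAX_ELEMENTS = 200       # assumption: constructed size limit

def ns_of(tag):
    """Namespace URI of an ElementTree tag written as '{uri}local'."""
    return tag[1:].split("}", 1)[0] if tag.startswith("{") else ""

def vet_unhandled(response_xml):
    """Split <extValue> blocks into (accepted elements, rejection reasons)."""
    if "<!DOCTYPE" in response_xml or "<!ENTITY" in response_xml:
        raise ValueError("DTD and entity declarations are refused")
    accepted, rejected = [], []
    for ext in ET.fromstring(response_xml).iter(f"{{{EPP}}}extValue"):
        value = ext.find(f"{{{EPP}}}value")
        reason = ext.findtext(f"{{{EPP}}}reason", default="")
        children = list(value) if value is not None else []
        if len(children) != 1:
            rejected.append("expected exactly one element in <value>")
            continue
        block = children[0]
        ns, nodes = ns_of(block.tag), list(block.iter())
        if ns not in KNOWN_NS:
            rejected.append(f"unsupported namespace {ns!r}")
        elif not reason.startswith(ns + " "):
            rejected.append("reason does not name the block's namespace")
        elif len(nodes) > MAX_ELEMENTS:
            rejected.append("block too large")
        elif any(ns_of(n.tag) != ns for n in nodes):
            rejected.append("foreign-namespace element inside block")
        else:
            accepted.append(block)  # passed; schema validation comes next
    return accepted, rejected

def ext_value(inner):
    """Constructed <extValue> wrapping `inner` in a domain:infData block."""
    return (f'<extValue><value><d:infData xmlns:d="{DOMAIN}">{inner}'
            f'</d:infData></value><reason>{DOMAIN} not in login services'
            f'</reason></extValue>')

# Constructed sample response: one clean block, one with a smuggled element.
SAMPLE = (f'<epp xmlns="{EPP}"><response><result code="1000"><msg>ok</msg>'
          + ext_value('<d:name>example.com</d:name>')
          + ext_value('<x:cmd xmlns:x="urn:example:constructed">1</x:cmd>')
          + '</result></response></epp>')

if __name__ == "__main__":
    ok, bad = vet_unhandled(SAMPLE)
    print([e.tag for e in ok], bad)
```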