Re: [secdir] Review of draft-reschke-rfc2231-in-http-10.txt
Tero Kivinen <kivinen@iki.fi> Mon, 01 March 2010 12:53 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3E78728C2EB; Mon, 1 Mar 2010 04:53:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wsNVY3tVNqEh; Mon, 1 Mar 2010 04:53:06 -0800 (PST)
Received: from mail.kivinen.iki.fi (fireball.acr.fi [83.145.195.1]) by core3.amsl.com (Postfix) with ESMTP id F226928C2EC; Mon, 1 Mar 2010 04:53:05 -0800 (PST)
Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.3/8.14.3) with ESMTP id o21Cqwuq023516 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 1 Mar 2010 14:52:58 +0200 (EET)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.3/8.12.11) id o21CqutG004784; Mon, 1 Mar 2010 14:52:56 +0200 (EET)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <19339.47272.515270.37133@fireball.kivinen.iki.fi>
Date: Mon, 01 Mar 2010 14:52:56 +0200
From: Tero Kivinen <kivinen@iki.fi>
To: Julian Reschke <julian.reschke@greenbytes.de>
In-Reply-To: <4B87D118.1090408@greenbytes.de>
References: <19335.45416.521059.570426@fireball.kivinen.iki.fi> <4B87D118.1090408@greenbytes.de>
X-Mailer: VM 7.19 under Emacs 21.4.1
X-Edit-Time: 10 min
X-Total-Time: 9 min
Cc: httpbis-chairs@tools.ietf.org, Graham Klyne <GK@ninebynine.org>, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] Review of draft-reschke-rfc2231-in-http-10.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Mar 2010 12:53:10 -0000
Julian Reschke writes: > -- snip -- > 5. Security Considerations > > The format described in this document makes it possible to transport > non-ASCII characters, and thus enables character "spoofing" > scenarios, in which a displayed value appears to be something other > than it is. > > Furthermore, there are known attack scenarios relating to decoding > UTF-8. > > See Section 10 of [RFC3629] for more information on both topics. > -- snip -- I think that text adequately covers non-ASCII characters issues. > > I agree on this comment, and the security consideration section should > > include text about the ability to character spoofing. Also as the > > parameters can include different texts for different languages that > > also offers another form of spoofing, for example the example the > > title parameter used in the headers could include different titles for > > different languages which could affect the way the user interprets it. > > > > As this document does not define any specific parameters, the actual > > documents defining parameters using this format specified here should > > include text about whether those spoofing attacks are possible and/or > > meaningful. Having some generic text in this document explaining the > > possible attacks, would make sure those documents include the text > > needed. > > I'm a bit reluctant to add more than I already have. After all, this > applies to *any* IETF spec that has proper I18N, so, in theory, > *everything* the IETF does that allows natural language text. Yes, but the impact of them is different. For example it does not really matter if the filename parameters having different languages differ, but there might be parameters where this really matters. As this document does not define any exact parameters, it might be enough to comment something like that "This document specifies way to transport multiple language variants for parameters, and such use might allow spoofing attacks, where different language versions of the same parameters do not match. Whether this attack is useful as an attack depends on the parameter specified." This way the one writing documents specifying parameters allowing multiple languages and specifying some kind processing on them will think whether this attack affects them or not. > It would be really great if we had a document that summarized common > security considerations, so that "higher-level" specs could just point > to individual parts of these. Such document would probably be so long that it would not be that useful. I think listing exact security considerations specific for this document in the security considerations section is better, altough for background information pointing to another document (like RFC 3629) is enough. > For the spoofing issue I'm now pointing to RFC 3629 -- do you feel we > need more? I am not really sure for what kind of parameters the different language versions are used, so I cannot really comment whether there can be security issues because of them. If you are sure there cannot be any security issues because of them, then you should say so. If you do do not know, then it is better to mention here to make those who use them to think about the security issues they might raise. -- kivinen@iki.fi
- [secdir] Review of draft-reschke-rfc2231-in-http-… Tero Kivinen
- Re: [secdir] Review of draft-reschke-rfc2231-in-h… Julian Reschke
- Re: [secdir] Review of draft-reschke-rfc2231-in-h… Tero Kivinen
- Re: [secdir] Review of draft-reschke-rfc2231-in-h… Julian Reschke
- Re: [secdir] Review of draft-reschke-rfc2231-in-h… Graham Klyne
- Re: [secdir] Review of draft-reschke-rfc2231-in-h… Tero Kivinen