Re: [secdir] SECDIR review of draft-ietf-appsawg-multipart-form-data-08
Larry Masinter <masinter@adobe.com> Wed, 08 April 2015 06:31 UTC
Return-Path: <masinter@adobe.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E93231AD377; Tue, 7 Apr 2015 23:31:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jC3UxZ6j1eof; Tue, 7 Apr 2015 23:31:03 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0626.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:626]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A131A1AD37C; Tue, 7 Apr 2015 23:31:02 -0700 (PDT)
Received: from DM2PR02MB1322.namprd02.prod.outlook.com (25.161.142.21) by DM2PR02MB1324.namprd02.prod.outlook.com (25.161.142.23) with Microsoft SMTP Server (TLS) id 15.1.118.21; Wed, 8 Apr 2015 06:30:44 +0000
Received: from DM2PR02MB1322.namprd02.prod.outlook.com ([25.161.142.21]) by DM2PR02MB1322.namprd02.prod.outlook.com ([25.161.142.21]) with mapi id 15.01.0118.029; Wed, 8 Apr 2015 06:30:44 +0000
From: Larry Masinter <masinter@adobe.com>
To: Chris Lonvick <lonvick.ietf@gmail.com>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-appsawg-multipart-form-data.all@tools.ietf.org" <draft-ietf-appsawg-multipart-form-data.all@tools.ietf.org>
Thread-Topic: SECDIR review of draft-ietf-appsawg-multipart-form-data-08
Thread-Index: AQHQbJ9sAFA7MLO800ael97UJqkWgZ1CPHyA
Date: Wed, 08 Apr 2015 06:30:44 +0000
Message-ID: <22407EB2-5E94-42F1-B191-6955F35F4098@adobe.com>
References: <551C2791.7090206@gmail.com>
In-Reply-To: <551C2791.7090206@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/15.8.0.150303
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [50.184.24.49]
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM2PR02MB1324;
x-forefront-antispam-report: BMV:1; SFV:NSPM; SFS:(10009020)(377454003)(479174004)(66066001)(2201001)(46102003)(2900100001)(2950100001)(87936001)(2656002)(92566002)(16236675004)(36756003)(15975445007)(102836002)(54356999)(122556002)(50986999)(40100003)(76176999)(107886001)(82746002)(83506001)(86362001)(33656002)(230783001)(62966003)(83716003)(99286002)(19580405001)(77156002)(19617315012)(16601075003)(19580395003)(2501003)(106116001)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR02MB1324; H:DM2PR02MB1322.namprd02.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
x-microsoft-antispam-prvs: <DM2PR02MB13246381AE10DA26539D67F3C3FC0@DM2PR02MB1324.namprd02.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(5002010)(5005006); SRVR:DM2PR02MB1324; BCL:0; PCL:0; RULEID:; SRVR:DM2PR02MB1324;
x-forefront-prvs: 0540846A1D
Content-Type: multipart/alternative; boundary="_000_22407EB25E9442F1B1916955F35F4098adobecom_"
MIME-Version: 1.0
X-OriginatorOrg: adobe.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Apr 2015 06:30:44.2221 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: fa7b1b5a-7b34-4387-94ae-d2c178decee1
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR02MB1324
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/_HFKpjLq_7qELGekK6cJJP5B15g>
X-Mailman-Approved-At: Wed, 08 Apr 2015 08:03:20 -0700
Subject: Re: [secdir] SECDIR review of draft-ietf-appsawg-multipart-form-data-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Apr 2015 06:31:06 -0000
On 4/1/15, 10:14 AM, "Chris Lonvick" <lonvick.ietf@gmail.com<mailto:lonvick.ietf@gmail.com>> wrote: > I would suggest placing the last paragraph of the Security Considerations section at the top of the section. That paragraph seems to be the most comprehensive in these considerations, and the other paragraphs seem to augment and give specific details. It just seems to me that it would provide a better flow to reading that section. I tried it and it didn’t flow any better. I’d make the edit if I felt it made a difference but I don’t think it helps. Also, I'm just not sure that I'm following the second paragraph of Appendix B: More problematic is the ambiguity introduced because implementations did not follow [RFC2388<https://tools.ietf.org/html/rfc2388>] because it used "may" instead of "MUST" when specifying encoding of field names, and for other unknown reasons, so now, parsers need to be more complex for fuzzy matching against the possible outputs of various encoding methods. Please correct me if I'm off base here, but it sounds like the ambiguity set in because implementations WERE following RFC 2388 by making choices on their own (due to the "may"s) rather than being directed to make uniform choices which would have been mandated if that RFC had used "MUST"s. This is also editorial, as to who is at fault. if the spec says “you can use method A for situation S” and implementor says “didn’t say MUST, so I’ll use method B instead”, do you blame the spec writer or the implementor. I'd implementors to read IETF RFCs with engineering common sense and not play legalistic games around normative terms. So I’lm going to stick with my language. Finally, I usually advocate giving directions to implementers about what to do if they find implementations using the older, outdated spec. As an example, what should a receiver do if it gets a ContentType that does not have a "boundary" parameter? However, as I'm not really familiar with this technology, and as the document says there are many ways to do all of this, then I'm not sure that could or should be discussed. If it is something that would better define behavior then I would suggest providing some guidance here. the boundary parameter is used in all multipart types, which are widespread in the Internet. The common understanding of multipart is why we picked it for framing form-data, even though it’s ugly and the probabilistic boundary generation drives lots of people crazy. So this kind of stuff that is inherited from MIME doesn’t need discussing. The main reason this update was even necessary is because that advantage wasn’t as great any more, and thus the divergences from other multipart types. Larry — http://larry.masinter.net
- [secdir] SECDIR review of draft-ietf-appsawg-mult… Chris Lonvick
- Re: [secdir] SECDIR review of draft-ietf-appsawg-… Barry Leiba
- Re: [secdir] SECDIR review of draft-ietf-appsawg-… Larry Masinter