Re: [Sidrops] Manifest entry filename validation
Job Snijders <job@ntt.net> Thu, 19 November 2020 16:47 UTC
Date: Thu, 19 Nov 2020 16:47:03 +0000
From: Job Snijders <job@ntt.net>
To: Erik Rozendaal <erozendaal@ripe.net>
Cc: sidrops@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/x3cxwOyKgiWXNEhSu51m5hOuzKs>

On Thu, Nov 19, 2020 at 10:03:53AM +0100, Erik Rozendaal wrote:
> Summary:
>
> We think the manifest RFC 6486 should define rules used for the
> filename entries in a manifest.

I don't think one would want to go as far as to "make rpki work on case
insensitive filesystems like some versions of macosx or windows".

RPKI objects map to RPKI files. Paths and filenames are considered from
the IEEE Std 1003.1-2008 / POSIX.1 interface perspective to improve
portability. Filesystems with an assortment of capability limitations
(example FAT32's case insensitivity or small filename length limits)
just aren't suitable.

> Our proposal is to only allow a minimal set of characters from the
> ASN.1 IA5String type: a-z, A-Z, 0-9, . (dot), - (dash), _
> (underscore). Furthermore blank entries, ".", and ".." must not be
> allowed. Filename extensions should be matched in a case insensitive
> manner when determining object type (ROA, CRL, etc).

Or alternatively the spec requires all RPKI filename extensions to be
lower case? At the moment of writing all published rpki files seem to
use lower case anyhow.

> These rules validate all current objects from the major trust anchors
> (all RIRs and APNIC AS0). They avoid special URI characters and
> characters that may be used to navigate file system directories.
>
> We may also want to add rules such as:
>
> - Avoid illegal (Windows) filenames such as PRN, NUL, or CON (see
> https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file

I consider attempting to protect against windows-specific bugs very much
out of scope for this working group :-)

> - Require that all entries have a three letter filename extension.

ack

> - Prohibit entries that only differ by upper or lower case (FOO.CER vs
> foo.cer).

Requiring filename extensions to be lowercase addresses some of this,
but 'FOO.cer' and 'foo.cer' really are separate paths.

Regards,

Job
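
Added example, not part of the original message and not code from any RPKI validator: the manifest entry checks discussed in this thread, written in Python, with a switch between case-insensitive extension matching and the lowercase-only alternative, plus the optional case-collision check. The function names, the `OBJECT_TYPES` map and the sample entries are assumptions made for illustration.

```python
import re

# Character set proposed in the thread: a-z, A-Z, 0-9, dot, dash, underscore.
ALLOWED = re.compile(r"[A-Za-z0-9._-]+")
# Assumption: illustrative map; the thread names only ROA and CRL ("etc").
OBJECT_TYPES = {"cer": "CER", "crl": "CRL", "roa": "ROA"}


def check_entry(name, lowercase_ext_only=False):
    """Return (object_type, None) if accepted, or (None, reason) if rejected."""
    if name in ("", ".", ".."):
        return None, "blank, '.' or '..'"
    # fullmatch() rejects '/', '\\', NUL, whitespace and any non-ASCII byte,
    # so an entry cannot name a path outside the publication directory.
    if not ALLOWED.fullmatch(name):
        return None, "character outside a-z A-Z 0-9 . - _"
    _, dot, ext = name.rpartition(".")
    if not (dot and len(ext) == 3 and ext.isalpha()):
        return None, "no three letter extension"
    if lowercase_ext_only and ext != ext.lower():
        return None, "extension not lower case"
    # Without lowercase_ext_only the extension is matched case-insensitively.
    return OBJECT_TYPES.get(ext.lower(), "unknown"), None


def case_collisions(names):
    """Group entries that differ only by upper or lower case."""
    seen = {}
    for name in names:
        seen.setdefault(name.lower(), []).append(name)
    return [group for group in seen.values() if len(group) > 1]


# Constructed sample entries, not taken from any real manifest.
SAMPLE = ["foo.cer", "FOO.cer", "bar.ROA", "../x.crl", "a/b.roa", "", "..", "noext"]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(repr(entry), check_entry(entry),
              check_entry(entry, lowercase_ext_only=True))
    print("case-only collisions:", case_collisions(SAMPLE))
```

`FOO.cer` and `foo.cer` each pass `check_entry` under both settings; only `case_collisions` reports them, which is why that rule is a separate decision from the lowercase-extension one.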