Re: [Sidrops] Manifest entry filename validation

Job Snijders <job@ntt.net> Thu, 19 November 2020 16:47 UTC

Date: Thu, 19 Nov 2020 16:47:03 +0000
From: Job Snijders <job@ntt.net>
To: Erik Rozendaal <erozendaal@ripe.net>
Cc: sidrops@ietf.org
Message-ID: <X7ahh3zPgfI2C6dI@bench.sobornost.net>
References: <18CC986C-97FA-41F6-A530-F782D3104A31@ripe.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/x3cxwOyKgiWXNEhSu51m5hOuzKs>

On Thu, Nov 19, 2020 at 10:03:53AM +0100, Erik Rozendaal wrote:
> Summary:
> 
> We think the manifest RFC 6486 should define rules used for the
> filename entries in a manifest.

I don't think one would want to go as far as to "make rpki work on case
insensitive filesystems like some versions of macosx or windows".

RPKI objects map to RPKI files. Paths and filenames are considered from
the IEEE Std 1003.1-2008 / POSIX.1 interface perspective to improve
portability.

Filesystems with an assortment of capability limitations (example
FAT32's case insensitivity or small filename length limits) just aren't
suitable.

> Our proposal is to only allow a minimal set of characters from the
> ASN.1 IA5String type: a-z, A-Z, 0-9, . (dot), - (dash), _
> (underscore).  Furthermore blank entries, ".", and ".." must not be
> allowed. Filename extensions should be matched in a case insensitive
> manner when determining object type (ROA, CRL, etc).

Or alternatively the spec requires all RPKI filename extensions to be
lower case? At the moment of writing all published rpki files seem to
use lower case anyhow.

> These rules validate all current objects from the major trust anchors
> (all RIRs and APNIC AS0). They avoid special URI characters and
> characters that may be used to navigate file system directories.
> 
> We may also want to add rules such as:
> 
> - Avoid illegal (Windows) filenames such as PRN, NUL, or CON (see
>  https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file

I consider attempting to protect against windows-specific bugs very much
out of scope for this working group :-)

> - Require that all entries have a three letter filename extension.

ack

> - Prohibit entries that only differ by upper or lower case (FOO.CER vs
> foo.cer).

Requiring filename extensions to be lowercase addresses some of this,
but 'FOO.cer' and 'foo.cer' really are separate paths.

Regards,

Job
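The filename rules discussed above, written out as an added example (this is not code from rpki-client, the RIPE validator or anything else on the thread). It applies the quoted proposal's character set (a-z, A-Z, 0-9, dot, dash, underscore; no blank entry, "." or ".."), requires a three-letter extension, and lets the caller pick between the two extension policies in the thread: match the extension case-insensitively, or require it to be lowercase. It also reports entries in one manifest that differ only by case. The set of recognised object extensions and the sample fileList are constructed for the demo.

```python
"""Validate the filename entries of an RPKI manifest fileList.

Added example; not from any project mentioned in the thread.
"""
import re

# Characters the quoted proposal allows: a subset of ASN.1 IA5String.
_ALLOWED = re.compile(r"^[A-Za-z0-9._-]+$")
# Three-letter extension after a non-empty stem.  STRICT requires lowercase
# (the reply's alternative); LOOSE accepts any case and folds it later
# (the quoted proposal's "match case insensitively").
_EXT_STRICT = re.compile(r"^[A-Za-z0-9._-]+\.([a-z]{3})$")
_EXT_LOOSE = re.compile(r"^[A-Za-z0-9._-]+\.([A-Za-z]{3})$")
# Object types recognised here; an assumption for the demo, not a spec list.
KNOWN_EXT = {"cer", "crl", "roa", "mft", "gbr"}


def check_entry(name, lowercase_ext=True):
    """Return None if `name` is an acceptable fileList entry, else a reason."""
    if name == "":
        return "empty entry"
    if name in (".", ".."):
        return "directory self/parent reference"
    if not _ALLOWED.match(name):
        # Also rejects '/', '\\', whitespace, '%', ':' etc., so no path
        # traversal or URI tricks get past this point.
        return "character outside [A-Za-z0-9._-]"
    m = (_EXT_STRICT if lowercase_ext else _EXT_LOOSE).match(name)
    if m is None:
        return ("extension is not three lowercase letters"
                if lowercase_ext else "extension is not three letters")
    if m.group(1).lower() not in KNOWN_EXT:
        return "unknown object type"
    return None


def check_manifest(file_list, lowercase_ext=True):
    """Validate every entry and flag exact and case-only duplicates.

    Returns {entry: reason} for rejected entries.  Entries colliding under
    case folding are both rejected, as the quoted proposal asks, even though
    on a POSIX filesystem 'FOO.cer' and 'foo.cer' are distinct paths.
    """
    problems = {}
    seen = set()
    by_fold = {}
    for name in file_list:
        if name in seen:
            problems[name] = "duplicate entry"
            continue
        seen.add(name)
        reason = check_entry(name, lowercase_ext)
        if reason:
            problems[name] = reason
            continue
        by_fold.setdefault(name.lower(), []).append(name)
    for names in by_fold.values():
        if len(names) > 1:
            for n in names:
                others = ", ".join(x for x in names if x != n)
                problems[n] = "differs only by case from " + others
    return problems


# Constructed sample fileList exercising each rule.
SAMPLE_FILELIST = [
    "foo.cer",
    "FOO.cer",
    "ABC123.roa",
    "update.crl",
    "../etc/passwd",
    "evil.ROA",
    "",
    "..",
    "name with space.cer",
]

if __name__ == "__main__":
    for entry, why in check_manifest(SAMPLE_FILELIST).items():
        print("%-22r %s" % (entry, why))
```

With the strict policy `evil.ROA` is rejected outright; with `lowercase_ext=False` it is accepted as a ROA, which is the practical difference between the two positions in the thread.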