Re: NUL handling and security considerations [was: Re: My open issues with RFC3028bis]

Alexey Melnikov <alexey.melnikov@isode.com> Sat, 16 July 2005 14:13 UTC

To: Ned Freed <ned.freed@mrochek.com>
CC: ietf-mta-filters@imc.org

Ned Freed wrote:

>>>I may be stretching it too far here, but AFAIK, there are implementations
>>>that truncate strings, thus corrupting test results.  Trying to label them
>>>non-conforming probably won't succeed, but we should not silently ignore
>>>this problem.
>>>
>>I guess there are two choices:
>>A) Require correct handling of NUL
>>B) Strongly prefer correct handling of NUL and warn about the dangers of
>>   not doing so in the security considerations
>>
>I have no major problem with A but I think B is a better choice. FWIW, the
>implementation I work on has no problem handling NULs, but I worry that
>this will make many other implementations non-conforming.
>
I suspect that Cyrus Sieve doesn't handle encoded NULs properly. So I 
would prefer B.
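
The truncation problem discussed in this thread, as an added example that is not part of the original message and not taken from any Sieve implementation: simplified octet-wise `:is` and `:contains` tests written once with C-string calls and once with explicit lengths. The `struct sv` type, the function names and the sample value are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Counted string: the length travels with the bytes, so an embedded NUL is data. */
struct sv { const char *p; size_t n; };
#define SV(lit) ((struct sv){ (lit), sizeof(lit) - 1 })

/* Truncating tests: C-string calls stop at the first NUL in either operand. */
static int is_truncating(struct sv v, struct sv key) {
    return strcmp(v.p, key.p) == 0;
}
static int contains_truncating(struct sv v, struct sv key) {
    return strstr(v.p, key.p) != NULL;
}

/* Length-aware tests: compare octets over the full declared length. */
static int is_counted(struct sv v, struct sv key) {
    return v.n == key.n && memcmp(v.p, key.p, v.n) == 0;
}
static int contains_counted(struct sv v, struct sv key) {
    if (key.n > v.n) return 0;
    for (size_t i = 0; i + key.n <= v.n; i++)
        if (memcmp(v.p + i, key.p, key.n) == 0) return 1;
    return 0;
}

int main(void) {
    /* Constructed sample value with an embedded NUL (13 octets). */
    struct sv value = SV("report\0-draft");
    printf(":is \"report\"      truncating=%d counted=%d\n",
           is_truncating(value, SV("report")), is_counted(value, SV("report")));
    printf(":contains \"draft\" truncating=%d counted=%d\n",
           contains_truncating(value, SV("draft")), contains_counted(value, SV("draft")));
    return 0;
}
```

The truncating versions give the wrong answer in both directions on this value: `:is "report"` matches although the value is longer, and `:contains "draft"` misses text that follows the NUL.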