Re: Injection-Info issues

Frank Ellermann <nobody@xyzzy.claranet.de> Tue, 07 June 2005 01:14 UTC

To: ietf-usefor@imc.org
From: Frank Ellermann <nobody@xyzzy.claranet.de>
Subject: Re: Injection-Info issues
Date: Tue, 07 Jun 2005 03:09:16 +0200
Organization: <URL:http://purl.net/xyzzy>
Lines: 72
Message-ID: <42A4F3BC.3FE5@xyzzy.claranet.de>
References: <IHGr56.L6z@clerew.man.ac.uk> <429F43A1.355D@xyzzy.claranet.de> <IHIJrA.4AA@clerew.man.ac.uk> <42A0F368.73F3@xyzzy.claranet.de> <IHoDrL.qM@clerew.man.ac.uk>

Charles Lindsey wrote:
 
> the IANA registry for each media type includes details
> of all the parameters appropriate for that media type.

Checking draft-lilly-text-troff-04.txt and RfC 3676, yes,
it does.

> we have not proposed an IANA Registry for Injection-Info
> parameters (though we could if we were so minded).

Not at the moment.  Add authentication= with a reference
to the new NNTPauth, Russ said that this is a good idea.
Alexey would warn us if NNTPauth is blocked.

> Which means that <attribute>s are different from <token>s,
> which is what I said.

That didn't change "x-", 2045 had attribute := token, and
x-token is a special case of extension-token unrelated to
attribute.  

x-token is only used in mechanism (7bit, 8bit, etc.), in
subtype, and in type (indirectly), not in any parameter.

Maybe I should test x-9bit for the nonets in RfC 4042. 

> 2045 most certainly did "strange things" with <x-token>s,
> and <attribute>s inherit those same "strange things".

In my copy <attribute> comes nowhere near to any <x-token>,
<extension-token>, <iana-token>, or <ietf-token>.  It's in
"appendix A - collected grammar", the last three pages.

"x-attribute" does not exist, it's a hallucination.  If you
say that you want to create it from scratch it's fine, you
could use the SPF trick.  Or merge it with 2231 <shudder />

> You just tell people that, if they post through your server,
> then the Injection-Info header will identify them. If they
> don't like that, then they have to go to a different server.
> That is the EU law (slightly simplified, I grant you).

Anonymous and pseudonymous access is a right in a German law,
and the threads discussing this issue put together in a row
are worse than our "Re: ferences" here.  I'm not directly
affected, my favourite server is news.clara.net in the UK ;-)

> In general, the Americans are less squeamish :-( .

They can't spell privacy without a dictionary.  They don't
understand why any @gmail address is begging for a *PLONK*.

> That vulnerability is nothing to do with RFC 2231.

It's about MIME, and this part of the debate was about USEFOR
2.3 "MIME Conformance":

| User agents MUST meet the definition of MIME-conformance in
| [RFC2049] and MUST also support [RFC2231].

2049 is "minimal MIME conformance", 2231 did not update 2049.
Anyway, for USEFOR we need security considerations about 2231:

  MIME security considerations are discussed in [RFC2046].
  Note that applying some [RFC2231] extensions for parameters
  like multi-line parameters on a boundary parameter as defined
  in [RFC2046] might be abused to bypass simple algorithms
  trying to analyze MIME parts.

That's all.  Bye, Frank
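
The proposed security-considerations text above concerns scanners that look only for a literal boundary= parameter. The following is an added example, not part of the original message: a checker that reassembles [RFC2231] parameter continuations before reading the boundary and reports when the boundary was split. The sample header and all function names are constructed for illustration, and the charset/language (percent-encoded) form of [RFC2231] values is not decoded here.

```python
import re

# Constructed sample: the boundary parameter is split into two RFC 2231 sections.
SAMPLE = 'multipart/mixed; boundary*0="split-"; boundary*1="marker"'

def naive_boundary(content_type):
    """What a simple analyzer does: look for a literal boundary= parameter."""
    m = re.search(r'\bboundary="?([^";]+)"?', content_type, re.I)
    return m.group(1) if m else None

def split_params(content_type):
    """Yield (name, value) for each parameter, honouring quoted strings."""
    pattern = r';\s*([^\s=;]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;]*)'
    for m in re.finditer(pattern, content_type):
        value = m.group(2).strip()
        if value.startswith('"'):
            # Drop the quotes and undo backslash escapes.
            value = re.sub(r'\\(.)', r'\1', value[1:-1])
        yield m.group(1).lower(), value

def rfc2231_params(content_type):
    """Return ({name: value}, {names that were sent as continuations})."""
    plain, sections = {}, {}
    for name, value in split_params(content_type):
        m = re.fullmatch(r'([^*]+)\*(\d+)\*?', name)
        if m:
            # name*N or name*N*: store section N under the base name.
            sections.setdefault(m.group(1), {})[int(m.group(2))] = value
        else:
            plain[name] = value
    for name, parts in sections.items():
        # Concatenate the sections in numeric order, as RFC 2231 specifies.
        plain[name] = ''.join(parts[i] for i in sorted(parts))
    return plain, set(sections)

def boundary_report(content_type):
    """Return (effective boundary, True if it was split across sections)."""
    params, continued = rfc2231_params(content_type)
    return params.get('boundary'), 'boundary' in continued

if __name__ == '__main__':
    print('naive scanner sees:', naive_boundary(SAMPLE))
    print('after reassembly:  ', boundary_report(SAMPLE))
```

A filter can treat a True second element as a reason to normalize or quarantine the message before splitting it into MIME parts.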