Re: [Uta] I-D Action: draft-ietf-uta-smtp-tlsrpt-23.txt
ned+uta@mrochek.com Sun, 17 June 2018 00:55 UTC
Return-Path: <ned+uta@mrochek.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCCE9130E12 for <uta@ietfa.amsl.com>; Sat, 16 Jun 2018 17:55:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mrochek.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PHnMJJCSaimI for <uta@ietfa.amsl.com>; Sat, 16 Jun 2018 17:55:42 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [68.183.62.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45633130DFC for <uta@ietf.org>; Sat, 16 Jun 2018 17:55:42 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01QTS8QMLI4G013G79@mauve.mrochek.com> for uta@ietf.org; Sat, 16 Jun 2018 17:50:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mrochek.com; s=201712; t=1529196639; bh=dZhu9suCqJLBbBpDzxBAfyrZgPSKWcNNiKgDZD4cBbQ=; h=From:Cc:Date:Subject:In-reply-to:References:To:From; b=e1C5v6uo0uiOUTsKekG6jKPDNIsPcy7g7tYFSqwyfYTAr8PbaPvfBaCzYg0eMD+yX gPvB4ohWyZfEfT6OH0Tg5Gwg2pcC3bW3IskEnFY5eK9L752qUiEJA+dzmB2zCC+61s aH78A06bp9HeNb8mYq3vmiGm6MMxDoMW2X+Qom7w=
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: TEXT/PLAIN; CHARSET="us-ascii"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01QTQJ594ZB4010GDE@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for uta@ietf.org; Sat, 16 Jun 2018 17:50:35 -0700 (PDT)
From: ned+uta@mrochek.com
Cc: uta@ietf.org
Message-id: <01QTS8QK3Z50010GDE@mauve.mrochek.com>
Date: Sat, 16 Jun 2018 17:48:05 -0700
In-reply-to: "Your message dated Thu, 14 Jun 2018 15:16:04 -0400" <EC082EFE-C1C9-496B-B8EE-B49FDDD7B4A6@dukhovni.org>
References: <152897880480.441.9920870371227371865@ietfa.amsl.com> <bef3efbe-0bec-9725-b7a2-224d6bbab24b@isode.com> <m38t7hur3m.fsf@carbon.jhcloos.org> <EC082EFE-C1C9-496B-B8EE-B49FDDD7B4A6@dukhovni.org>
To: Viktor Dukhovni <ietf-dane@dukhovni.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/sClzRnVTKGYRuBMaBvVkmwhS0WY>
Subject: Re: [Uta] I-D Action: draft-ietf-uta-smtp-tlsrpt-23.txt
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Jun 2018 00:55:44 -0000
> > On Jun 14, 2018, at 3:04 PM, James Cloos <cloos@jhcloos.com> wrote: > > > >> https://www.ietf.org/rfcdiff?url2=draft-ietf-uta-smtp-tlsrpt-23 > > > > Some newlines got lost in that update. > > > > The diff makes it easy to see. > > > > Also, the new copy needs: > > > > s/by and Adler-32/by an Adler-32/ > > > > Otherwise it looks good. > I am surprised to see the security considerations refer to > multi-file gzip inputs, and processing of the filename > metadata inside the gzip stream. I've never seen anyone > do that. In practice 'gzip' archives are assumed to > contain just one "file", and the name from the gzip > metadata is ignored, instead the user specified where > to write the output. If you are registering a media type suffix you have to cover all of the format's capabilities. What has or has not been used in the past is irrelevant. > I rather think it makes more sense here to specify that > the "+gzip" MIME sub-type always holds exactly one > compressed object, and that the filename hint in > the compressed stream should be ignored. It's not a subtype, it's a suffix that applies to all future uses of gzip in any future media type. Are you completely confident that this will in fact be the right choice for all future uses? > By far the more interesting issue with compressed > content, is potential DoS, because small inputs > can uncompress to unreasonably large outputs. > Applications might want to set limits on the amount > of data they're willing to extract from the compressed > stream. That's covered in the format's security considerations, but of course it could be repeated here if you think it's important to do so. Ned
- Re: [Uta] I-D Action: draft-ietf-uta-smtp-tlsrpt-… ned+uta
- Re: [Uta] I-D Action: draft-ietf-uta-smtp-tlsrpt-… Viktor Dukhovni
- Re: [Uta] I-D Action: draft-ietf-uta-smtp-tlsrpt-… ned+uta
- Re: [Uta] I-D Action: draft-ietf-uta-smtp-tlsrpt-… Alexey Melnikov
- Re: [Uta] I-D Action: draft-ietf-uta-smtp-tlsrpt-… James Cloos
- Re: [Uta] I-D Action: draft-ietf-uta-smtp-tlsrpt-… Viktor Dukhovni
- Re: [Uta] I-D Action: draft-ietf-uta-smtp-tlsrpt-… James Cloos
- Re: [Uta] I-D Action: draft-ietf-uta-smtp-tlsrpt-… Alexey Melnikov
- [Uta] I-D Action: draft-ietf-uta-smtp-tlsrpt-23.t… internet-drafts