Re: [xmpp] IQ Handling vulnerabilities

Kevin Smith <kevin@kismith.co.uk> Fri, 07 February 2014 12:22 UTC

Return-Path: <k.i.smith@gmail.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C53D1A1DE2 for <xmpp@ietfa.amsl.com>; Fri, 7 Feb 2014 04:22:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X2EFNIlMixoC for <xmpp@ietfa.amsl.com>; Fri, 7 Feb 2014 04:22:33 -0800 (PST)
Received: from mail-vc0-x22f.google.com (mail-vc0-x22f.google.com [IPv6:2607:f8b0:400c:c03::22f]) by ietfa.amsl.com (Postfix) with ESMTP id 17AFB1A0398 for <xmpp@ietf.org>; Fri, 7 Feb 2014 04:22:32 -0800 (PST)
Received: by mail-vc0-f175.google.com with SMTP id ij19so2553985vcb.34 for <xmpp@ietf.org>; Fri, 07 Feb 2014 04:22:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:sender:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=cPdd0Rn1lM1Zcf5oPCeyPGaakK4GWBKmafny2ChSGOY=; b=0hHeL1b2f3GeljanJH5PPAtfsP4N98FJoa4ML27PuAZKxe4mPz7UHaTa/444rN3vcY 0JVnbWK5EMacayJE1QreTQtKnMpCiRlYafzdYFopX43IwNZmGkgSIyXhbb1IrCZAeYlZ E7hlBxKMCPDH4Crqqnu9i+zB6R/4NyYj/pDBU/7T4JZwcSiupi07k5c3YS8LKp0aOe3D EN4U+Py8cRRaR5Y34k4MOnL/IIW4OykSG7HirpfCOygAiSR5J5IlEWYiDFUGEitVK/uf yPLwWWVxL38r5uQA55J6Q/kjYMoqm574gGPJ1nG1lUat/SLOsQjwnETFeOZcWOkw4U8t KZYg==
MIME-Version: 1.0
X-Received: by 10.221.37.1 with SMTP id tc1mr281576vcb.32.1391775752881; Fri, 07 Feb 2014 04:22:32 -0800 (PST)
Sender: k.i.smith@gmail.com
Received: by 10.52.245.134 with HTTP; Fri, 7 Feb 2014 04:22:32 -0800 (PST)
In-Reply-To: <CF194491.38AD3%jhildebr@cisco.com>
References: <CAOb_FnxS-dMT85N7LHj5M9JWk3pL85=ugrDqaT7j5d28HBr0Cw@mail.gmail.com> <CF194491.38AD3%jhildebr@cisco.com>
Date: Fri, 7 Feb 2014 12:22:32 +0000
X-Google-Sender-Auth: IdfZUkg0gwSs8KRpsuvqiL6ZyuQ
Message-ID: <CAOb_Fnw1x1eCvjiE0p_dp1ut08Yjbqb7ZPJiJPCsdtC7pMwy0w@mail.gmail.com>
From: Kevin Smith <kevin@kismith.co.uk>
To: "Joe Hildebrand (jhildebr)" <jhildebr@cisco.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: XMPP Working Group <xmpp@ietf.org>
Subject: Re: [xmpp] IQ Handling vulnerabilities
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: kevin@kismith.co.uk
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Feb 2014 12:22:34 -0000

On Thu, Feb 6, 2014 at 9:58 PM, Joe Hildebrand (jhildebr)
<jhildebr@cisco.com> wrote:
> Can we start with an individual I-D that lays out the problem and
> solution?  That would allow us to make good decisions about what the next
> step would be.  Kev, that might be pretty quick for you to write...

I'm happy to do it, or happy for Thijs to. Will discuss out of band.

/K