Re: [yam] [secdir] secdir review of draft-ietf-yam-rfc1652bis-03
S Moonesamy <sm+ietf@elandsys.com> Fri, 05 March 2010 14:41 UTC
Hi Alessandro,

At 03:38 05-03-10, Alessandro Vesely wrote:
>RFC 4871 is of 2007 and reports an issue with it. Section 5.3
>practically says that 8bit SHOULD NOT be used. I'm not sure whether
>this is a security consideration that would incarnate Stephen's
>concern (also because, since the "relaxed" Header Canonicalization
>Algorithm does not take into account quotes, /any/ rfc2045 extension
>token breaks those signatures, not just 8BITMIME.)

Section 5.3 of RFC 4871 sounds more like a deployment consideration instead of a security consideration. The question from Stephen Kent [1] in response to my comment mentions that "binary attachments that are ideal for delivering malware are supported irrespective of the use of" the 8BITMIME extension.

Dave Crocker requested input from the WG on the secdir review [2]. His message gives a broader view of the matter (i.e. whether the change is within scope for the YAM WG).

If you have any comments, I would like to hear them. I am not saying this because it is required by the IETF Standards process; I mean it. It is less work for me if such discussions do not diverge from the issue at hand. My position is that an issue was brought up during the Secdir review and I need an answer for the Responsible Area Director and YAM WG Chairs.

I wrote some notes about hostile content (temporary link http://www.elandsys.com/resources/mail/draft-moonesamy-mail-security-00.txt). It is not meant to be used as input for YAM WG work.

Regards,
S. Moonesamy

1. http://www.ietf.org/mail-archive/web/yam/current/msg00368.html
2. http://www.ietf.org/mail-archive/web/yam/current/msg00370.html