Re: [yam] [secdir] secdir review of draft-ietf-yam-rfc1652bis-03

Alessandro Vesely <vesely@tana.it> Fri, 05 March 2010 11:38 UTC

Message-ID: <4B90ED1C.8040905@tana.it>
Date: Fri, 05 Mar 2010 12:38:04 +0100
From: Alessandro Vesely <vesely@tana.it>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100227 Thunderbird/3.0.3
MIME-Version: 1.0
To: yam@ietf.org
References: <4B8E515A.6060608@isode.com> <6.2.5.6.2.20100303103218.0ba092a0@resistor.net>
In-Reply-To: <6.2.5.6.2.20100303103218.0ba092a0@resistor.net>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [yam] [secdir] secdir review of draft-ietf-yam-rfc1652bis-03
Precedence: list

>> This is a very, very brief document that is targeted to obsolete RFC 1652.
>
> Please note that there hasn't been any reports of security issues with this 16 year old specification.

RFC 4871 is of 2007 and reports an issue with it. Section 5.3 
practically says that 8bit SHOULD NOT be used. I'm not sure whether 
this is a security consideration that would incarnate Stephen's 
concern (also because, since the "relaxed" Header Canonicalization 
Algorithm does not take into account quotes, /any/ rfc2045 extension 
token breaks those signatures, not just 8BITMIME.)

[yam] [Fwd: [secdir] secdir review of draft-ietf-… Alexey Melnikov
Re: [yam] [secdir] secdir review of draft-ietf-ya… S Moonesamy
Re: [yam] [secdir] secdir review of draft-ietf-ya… Stephen Kent
Re: [yam] [Fwd: [secdir] secdir review of draft-i… S Moonesamy
Re: [yam] [Fwd: [secdir] secdir review of draft-i… Dave CROCKER
Re: [yam] [secdir] secdir review of draft-ietf-ya… Alexey Melnikov
Re: [yam] [Fwd: [secdir] secdir review of draft-i… Barry Leiba
Re: [yam] [Fwd: [secdir] secdir review of draft-i… John C Klensin
Re: [yam] [Fwd: [secdir] secdir review of draft-i… John C Klensin
Re: [yam] [secdir] secdir review of draft-ietf-ya… Alessandro Vesely
Re: [yam] [secdir] secdir review of draft-ietf-ya… Ned Freed
Re: [yam] [secdir] secdir review of draft-ietf-ya… Barry Leiba
Re: [yam] [secdir] secdir review of draft-ietf-ya… Ned Freed
Re: [yam] [secdir] secdir review of draft-ietf-ya… S Moonesamy
Re: [yam] [secdir] secdir review of draft-ietf-ya… John C Klensin
Re: [yam] [secdir] secdir review of draft-ietf-ya… Alessandro Vesely
Re: [yam] [secdir] secdir review of draft-ietf-ya… John C Klensin
Re: [yam] [secdir] secdir review of draft-ietf-ya… S Moonesamy
Re: [yam] [secdir] secdir review of draft-ietf-ya… Dave CROCKER
Re: [yam] [secdir] secdir review of draft-ietf-ya… Alexey Melnikov
Re: [yam] [secdir] secdir review of draft-ietf-ya… S Moonesamy
Re: [yam] [secdir] secdir review of draft-ietf-ya… Ned Freed
Re: [yam] [secdir] secdir review of draft-ietf-ya… Tony Finch
Re: [yam] [secdir] secdir review of draft-ietf-ya… John C Klensin
Re: [yam] [Fwd: [secdir] secdir review of draft-i… Ned Freed
Re: [yam] [secdir] secdir review of draft-ietf-ya… S Moonesamy
Re: [yam] [secdir] secdir review of draft-ietf-ya… Alessandro Vesely
Re: [yam] [secdir] secdir review of draft-ietf-ya… Arnt Gulbrandsen
Re: [yam] [secdir] secdir review of draft-ietf-ya… Dave CROCKER
Re: [yam] [secdir] secdir review of draft-ietf-ya… S Moonesamy
Re: [yam] [secdir] secdir review of draft-ietf-ya… S Moonesamy
Re: [yam] [secdir] secdir review of draft-ietf-ya… Stephen Kent