lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 26 Sep 2003 21:22:52 +0200
From: "Rainer Gerhards" <rgerhards@...adiscon.com>
To: "Alun Jones" <alun@...is.com>, <bugtraq@...urityfocus.com>
Subject: RE: base64


> > Do all this canonicalization before the message hits your 
> attachment 
> > type policy enforcement and malware scanner, so they only 
> have to deal 
> > with the common forms that everybody handles the same.
> 
> With the obvious disadvantage that we're all reduced to using 
> the lowest-common-subset of functionality.  Never mind 
> inventing or supporting new features, or adding international 
> file naming support, in your new email client, because the 
> mail server will strip all of that out, anyway.  I don't 
> think that's an appropriate answer.

I think it is. Traditionally, newer RFCs *extend* existing ones - they
do not break there formats. So properly engineered new functionality
will either a) live within the boundary of an existing protocol or b)
specifiy a new one. In the case of a) canonocalication will do no harm,
in the case of b) it will not be applied as this is a separate protocol.

Rainer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ