| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 24 Sep 2003 20:01:50 +0100 From: David Wilson <David.Wilson@...de.com> To: Christian Vogel <chris@...lix.hedonism.cx> Cc: Alexander Ogol <sanyok_nospam@...physoft.org.ua>, bugtraq@...urityfocus.com Subject: Re: base64 > > 99.99% of all software should create the standard form, so please > let the tiny fraction of users with broken software suffer > when their mails get rejected. > > (Note: this of course applies not only to Base64 but to all aspects > of header-parsing, file-format guessing etc...) I wish it were true... I see many invalid messages, e.g. - Using CR or LF not as CR LF, or including NUL. (Forbidden for MIME messages, except for Content-transfer-encoding: binary, which needs an SMTP Extension which few MTAs support). - Using encoded words in MIME header parameter values (forbidden by RFC 2047 Page 8). - Not quoting parameters when required - Not setting Content-transfer-encoding: 8bit on all enclosing MIME composite types (multipart or message/rfc822) when 8bit is used in a data part (see RFC 2045 Section 6.4). - Using characters outside the advertised character set. (E.g. using the MS 'smart quotes' in something advertised as iso-8859-1). - Not using the 'minimum' character set (e.g. saying iso-8859-1 when us-ascii would do). - Using 8bit characters in headers. That's just in the structure of the message. The original post in this thread made the valid point that different interpreters of MIME messages make different assumptions. That applies to other areas as well as base64 decoding. cheers David Wilson David.Wilson@...de.com Isode Limited Tel: +44 (0) 20 8783 2961 http://www.isode.com
Powered by blists - more mailing lists