[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1064430111.31234.41.camel@delta.isode.net>
Date: 24 Sep 2003 20:01:50 +0100
From: David Wilson <David.Wilson@...de.com>
To: Christian Vogel <chris@...lix.hedonism.cx>
Cc: Alexander Ogol <sanyok_nospam@...physoft.org.ua>,
bugtraq@...urityfocus.com
Subject: Re: base64
>
> 99.99% of all software should create the standard form, so please
> let the tiny fraction of users with broken software suffer
> when their mails get rejected.
>
> (Note: this of course applies not only to Base64 but to all aspects
> of header-parsing, file-format guessing etc...)
I wish it were true...
I see many invalid messages, e.g.
- Using CR or LF not as CR LF, or including NUL. (Forbidden for MIME
messages, except for Content-transfer-encoding: binary, which needs an
SMTP Extension which few MTAs support).
- Using encoded words in MIME header parameter values (forbidden by RFC
2047 Page 8).
- Not quoting parameters when required
- Not setting Content-transfer-encoding: 8bit on all enclosing MIME
composite types (multipart or message/rfc822) when 8bit is used in a
data part (see RFC 2045 Section 6.4).
- Using characters outside the advertised character set. (E.g. using the
MS 'smart quotes' in something advertised as iso-8859-1).
- Not using the 'minimum' character set (e.g. saying iso-8859-1 when
us-ascii would do).
- Using 8bit characters in headers.
That's just in the structure of the message.
The original post in this thread made the valid point that different
interpreters of MIME messages make different assumptions. That applies
to other areas as well as base64 decoding.
cheers
David Wilson David.Wilson@...de.com
Isode Limited Tel: +44 (0) 20 8783 2961
http://www.isode.com
Powered by blists - more mailing lists