ietf-clear
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ietf-clear] BATV changes to make it more flexible

2004-11-17 08:55:42
from [william(at)elan.net] [Permanent Link] 

Sorry for answering late - I missed the post ...

On Sat, 13 Nov 2004, Tony Finch wrote:


On Sat, 13 Nov 2004, william(at)elan.net wrote:


As has been asked by CLEAR design team I would like to formerly propose
changes to BATV syntax to make it more flexible and allow for multiple
signatures as well as move "user" part of the local-part to be right
before "@" which is easier for parsers and closer to how programs that
tag MAIL FROM with additional information currently do it (and more
human-friendly for those who are looking at the data directly).


That's a bad idea: consider
attacker+VERYVERYLONGLOCALPARTSUFFIXWHICHLOOKSLIKEBATV/victim(_at_)domain


I believe the syntax was not correct, it still included "+" which I later 
eliminated when simplifying syntax and removing extra special symbols symbols.
I'm correcting it below.

As for your example even if it was correct syntax, the possibility that 
somebody would try to use syntax that looks like BATV exist in current
BATV syntax as well, i.e.
 batv=victim/VERYVERYLONGLOCALPARTSUFFIXWHICHLOOKSLIKEBATV(_at_)domain

This really does not make any difference - the core is that that long data 
would not be correct signature that victim system generates so that system
would not accept this kind of a bounce.


It would also be helpful if you could post a rationale for your proposals.


The rationale is to allow multiple signatures to co-exist and allow 
signatures of possibly multiple data parts, etc. And of course, standard 
syntax for extending mail-from address is good (like some use
list#user(_at_)domain(_dot_)com and some do user#list(_at_)domain(_dot_)com and 
I think it
would be good to have at least some convention).


Updated (from previously posted) ABNF syntax:

      local-part       = [ *( tag "/" ) ] loc_tag

      tag              = sig_tag / loc_tag_extaddr

      loc_tag          = [ tag-data "=" ] loc-core

      loc_tag_extaddr  = loc_tag [ "#" domain ]

      sig_tag          = tag-type "=" tag-data "="

      tag-type         = 1*( DIGIT / ALPHA / "-" )
                         ; specific, registered validation scheme

      tag-data         = tag-val *( "=" tag-val )

      tag-val          = 1*( DIGIT / ALPHA / "-" )
                         ; the validation data or tag optional info

      loc-core         = {original local-part value}

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ietf-clear] Re: Make CSV backwards compatible with legacySPF records?, John Glube
Next by Date:  [ietf-clear] BATV changes to make it more flexible, Tony Finch
Previous by Thread:  [ietf-clear] BATV changes to make it more flexible, Tony Finch
Next by Thread:  [ietf-clear] BATV changes to make it more flexible, Tony Finch
Indexes:  [Date] [Thread] [Top] [All Lists]