ietf-mta-filters
[Top] [All Lists]

Re: NUL handling and security considerations [was: Re: My open issues with RFC3028bis]

2005-07-16 07:13:44

Ned Freed wrote:

I may be stretching it too far here, but AFAIK, there are implementations
that truncate strings, thus corrupting test results.  Trying to label them
non-conforming probably won't succeed, but we should not silently ignore
this problem.
I guess there are two choices:
A) Require correct handling of NUL
B) Strongly prefer correct handling of NUL and warn about the dangers of
  not doing so in the security considerations
I have no major problem with A but I think B is a better choice. FWIW, the
implementation I work on has no problem handling NULs, but I worry that
this will make many other implementations non-conforming.

I suspect that Cyrus Sieve doesn't handle encoded NULs properly. So I would prefer B.