ietf-mxcomp

Re: DOC-BUG: Security considerations for parsing records

2004-09-03 16:07:47

On Fri, 3 Sep 2004, Yakov Shafranovich wrote:


> I haven't seen this mentioned in the drafts, but I remember someone
> Bellovin bringing this up in a different forum in regards to SPF a few
http://www.interesting-people.org/archives/interesting-people/200401/msg00037.html

Steve Bellovin is security area advisor at IETF and part of IESG. While 
we're at it please look through his message and compare if we solved other 
issues mentioned there too.

> months ago. Among the two RR formats for Sender-ID, is the TXT format.
> As Steve pointed out, parsing any kind of free form data can potentially
> lead to security issues if the parsers are not written properly (such as
> buffer overruns). Therefore, it might be useful to add a section or just
> a few sentences to mention that issue.

I agree. This should be in the protocol draft.

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
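
The parsing concern raised in this message, as an added example that is not part of the original e-mail or of any of the drafts: a bounds-checked reader for TXT RDATA, where every length octet comes from the remote zone and must be checked against both the record and the output buffer before copying. The function name and the sample records are made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Join the <character-string>s of one TXT RDATA (RFC 1035: a length octet,
 * then that many octets, repeated) into out as a NUL-terminated string.
 * Returns the text length, or -1 if the record is malformed or too long.
 * txt_rdata_to_string is a name made up for this example. */
long txt_rdata_to_string(const uint8_t *rdata, size_t rdlen,
                         char *out, size_t outsz)
{
    size_t in = 0, n = 0;

    if (rdata == NULL || out == NULL || outsz == 0)
        return -1;
    while (in < rdlen) {
        size_t len = rdata[in++];           /* untrusted length, 0..255 */

        if (len > rdlen - in)               /* claims more than the record holds */
            goto fail;
        if (len >= outsz - n)               /* no room for the data plus the NUL */
            goto fail;
        if (memchr(rdata + in, '\0', len))  /* example policy: no embedded NUL */
            goto fail;
        memcpy(out + n, rdata + in, len);
        n += len;
        in += len;
    }
    out[n] = '\0';
    return (long)n;
fail:
    out[0] = '\0';                          /* never hand back partial data */
    return -1;
}

/* Constructed sample records (not taken from any real zone). */
static const uint8_t sample_ok[]  = "\x07" "v=spf1 " "\x07" "mx -all";
static const uint8_t sample_bad[] = "\xff" "abc";   /* length octet lies */

int main(void)
{
    char buf[64];
    printf("%ld\n", txt_rdata_to_string(sample_ok, sizeof sample_ok - 1, buf, sizeof buf));
    printf("%ld\n", txt_rdata_to_string(sample_bad, sizeof sample_bad - 1, buf, sizeof buf));
    return 0;
}
```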

