[Top] [All Lists]

Re: standards spring cleaning

2004-12-07 12:13:41

On Tue December 7 2004 12:29, Nathaniel Borenstein wrote:
In both cases, I would be happier if we had 
said something in the security considerations about the necessity to 
reassemble message/partials into their "parent" message before applying 
any security-related content scans.

Yes, but it's not solely a security matter.  Any scan of content
(for potential privacy violations or other leakage of information,
spam scanners, etc.) should take message fragmentation
(and external-body, embedded executable content, etc.) into
account.  Ultimately, it may be an intractable problem, since
"executable content" can take many forms due to the variety
of programming/scripting/macro languages available.

<Prev in Thread] Current Thread [Next in Thread>