W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2007

Re: Message delimiting security issues

From: Travis Snoozy <ai2097@users.sourceforge.net>
Date: Wed, 17 Jan 2007 11:22:29 -0800
To: Henrik Nordstrom <henrik@henriknordstrom.net>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <20070117192229.GE19417@smote>
On Wed, Jan 17, 2007 at 07:57:47PM +0100, Henrik Nordstrom wrote:
> Specs does not say recipients MUST reject any malformed message. It
> doesn't even require recipients to detect malformed messages and the
> robustness principle underlining most use of IETF protocols generally
> discourages it. And everything else in software development speaks
> against such rejections unless they happen "as a by product" of the
> development.

No, the principles of secure development say "fail closed." If I don't
understand it, it gets chucked in the bin. Now, the "I don't understand it" bit
kills extensibility, but that's part and parcel to security -- you punch holes
as you need them. The spec needs to be extensible, and there's a balance to be
struck between what's secure and what's utilitarian. However, being _blatently_
malformed (e.g., two of any field that's not a #list) is always grounds for
immediate rejection. Fuzzy repair work, in this case, is a Very Bad Thing.


Received on Wednesday, 17 January 2007 19:22:32 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:41 UTC