
Re: ACTION-208: Security considerations concerning compression

From: Marcos Caceres <marcosscaceres@gmail.com>
Date: Tue, 16 Dec 2008 12:28:40 +0000
Message-ID: <b21a10670812160428l2945b1cajd8ca675493a303da@mail.gmail.com>
To: "Thomas Roessler" <tlr@w3.org>
Cc: "Frederick Hirsch" <frederick.hirsch@nokia.com>, public-webapps <public-webapps@w3.org>

Hi Thomas,

On Tue, Dec 16, 2008 at 10:43 AM, Thomas Roessler <tlr@w3.org> wrote:
> I suggest to remove the editorial note currently present in section 8 of the
> Editor's Draft.
> Instead, add the following to the Security Considerations section:
>> The signature scheme described in this document deals with the content
>> present inside a compressed widget package. This implies that, in order to
>> verify a widget signature, implementations need to uncompress a data stream
>> that can come from an arbitrary source.  A signature according to this
>> specification does <em>not</em> limit the attack surface of decompression
>> and unpacking code used during signature extraction and verification.
>> Care should be taken to avoid resource exhaustion attacks through
>> maliciously crafted Widget archives during signature verification.
>> Implementations that store the content of widget archives to the file
>> system during signature verification must not trust any path components of
>> file names present in the archive, to avoid overwriting of arbitrary files
>> during signature verification.
> (In other words, the zip archive isn't signed, and bad things might happen
> if signature verification is implemented naively.)

Added! Thanks, Thomas. That's much better.

Kind regards,

Marcos Caceres
Received on Tuesday, 16 December 2008 12:29:25 UTC
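The two checks that Thomas's proposed text calls for, rejecting untrusted path components in archive entry names and bounding resource use while decompressing, as an added Python example that is not part of this thread or of the widget signature specification; the size caps, ratio threshold and sample archives are constructed for illustration and are not values from the spec.

```python
import io
import zipfile

# Constructed limits for this example (not from the thread): a small cap on the
# total declared uncompressed size and a maximum per-entry compression ratio.
MAX_TOTAL_UNCOMPRESSED = 1024 * 1024   # 1 MiB, deliberately small for the demo
MAX_RATIO = 100                        # entries inflating more than 100x are suspect

def is_safe_member_name(name: str) -> bool:
    """Reject entry names whose path components could escape the extraction root."""
    if not name or "\x00" in name or "\\" in name:
        return False
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return False                   # absolute POSIX path or Windows drive letter
    return ".." not in name.split("/")

def check_archive(data: bytes) -> list[str]:
    """Return problems found in the central directory; empty means it passed."""
    problems, total = [], 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not is_safe_member_name(info.filename):
                problems.append(f"unsafe path: {info.filename!r}")
            total += info.file_size
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                problems.append(f"suspicious compression ratio: {info.filename!r}")
    if total > MAX_TOTAL_UNCOMPRESSED:
        problems.append(f"declared uncompressed size {total} exceeds cap")
    return problems

def read_member_bounded(data: bytes, name: str, limit: int) -> bytes:
    """Decompress one entry, aborting once it exceeds `limit` bytes: the sizes in
    the central directory are attacker-controlled, so the cap must also be
    enforced on the actual decompressed stream."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(name) as f:
        while chunk := f.read(65536):
            out += chunk
            if len(out) > limit:
                raise ValueError(f"{name!r} exceeds {limit} bytes when decompressed")
    return bytes(out)

def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build a constructed in-memory archive so the checks can be exercised offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

A verifier would run `check_archive` before touching any entry and use `read_member_bounded` (or an equivalent streaming cap) for every entry it decompresses, including the signature files themselves.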

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:13 UTC