Re: ACTION-208: Security considerations concerning compression

From: Marcos Caceres <marcosscaceres@gmail.com>
Date: Tue, 16 Dec 2008 12:28:40 +0000
Message-ID: <b21a10670812160428l2945b1cajd8ca675493a303da@mail.gmail.com>
To: "Thomas Roessler" <tlr@w3.org>
Cc: "Frederick Hirsch" <frederick.hirsch@nokia.com>, public-webapps <public-webapps@w3.org>

Hi Thomas,

On Tue, Dec 16, 2008 at 10:43 AM, Thomas Roessler <tlr@w3.org> wrote:
> I suggest to remove the editorial note currently present in section 8 of the
> Editor's Draft.
>

Removed.

> Instead, add the following to the Security Considerations section:
>
>> The signature scheme described in this document deals with the content
>> present inside a compressed widget package. This implies that, in order to
>> verify a widget signature, implementations need to uncompress a data stream
>> that can come from an arbitrary source.  A signature according to this
>> specification does <em>not</em> limit the attack surface of decompression
>> and unpacking code used during signature extraction and verification.
>
>> Care should be taken to avoid resource exhaustion attacks through
>> maliciously crafted Widget archives during signature verification.
>
>> Implementations that store the content of widget archives to the file
>> system during signature verification must not trust any path components of
>> file names present in the archive, to avoid overwriting of arbitrary files
>> during signature verification.
>
> (In other words, the zip archive isn't signed, and bad things might happen
> if signature verification is implemented naively.)
>

Added! Thanks, Thomas. That's much better.

Kind regards,
Marcos

-- 
Marcos Caceres
http://datadriven.com.au
Received on Tuesday, 16 December 2008 12:29:25 GMT
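The three considerations Thomas lists above (decompression code as attack surface, resource exhaustion through crafted archives, and untrusted path components in member names) are the kind of thing a verifier should check before it trusts anything in a widget package. The following is an added example, not code from this thread or from any W3C Widgets implementation: a small Python inspector that walks a zip archive held in memory, rejects member names with absolute or `..` components, enforces a constructed total-size budget and per-entry compression-ratio limit, and streams each member through a byte counter so that a lying header cannot exhaust memory. The limits (`MAX_ENTRIES`, `MAX_TOTAL_UNCOMPRESSED`, `MAX_RATIO`) and the sample archives built by `build_archive` are assumptions chosen for illustration.

```python
"""Defensive inspection of a widget (zip) package before signature verification.

Added example, not part of the original thread or any W3C implementation.
All limits below are constructed for illustration; a real verifier would pick
its own values and apply them before any member is written to disk.
"""
import io
import zipfile

# Constructed limits (assumptions, not values from the specification).
MAX_ENTRIES = 256                           # cap on archive entries
MAX_TOTAL_UNCOMPRESSED = 1 * 1024 * 1024    # 1 MiB budget across the whole archive
MAX_RATIO = 100                             # reject entries claiming > 100x expansion
CHUNK = 64 * 1024                           # streaming read size


def is_safe_member_name(name: str) -> bool:
    """True if a member name is a plain relative path with no traversal components.

    Rejects empty names, embedded NULs, absolute paths (either separator),
    Windows drive letters, and any '.', '..' or empty path component.
    A trailing '/' (a directory entry) is allowed.
    """
    if not name or "\x00" in name:
        return False
    if name.startswith(("/", "\\")):
        return False                      # absolute path
    if len(name) > 1 and name[1] == ":":
        return False                      # drive letter such as C:\...
    parts = name.replace("\\", "/").split("/")
    if parts[-1] == "":                   # trailing slash marks a directory entry
        parts = parts[:-1]
    return all(part not in ("", ".", "..") for part in parts)


def inspect_archive(data: bytes):
    """Return (ok, problems) for a zip archive held in memory.

    Checks, in order: entry count, member names, declared size against the
    remaining budget, compression ratio, and finally the number of bytes that
    actually come out of the decompressor (streamed, stopped at the budget).
    """
    problems = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return False, [f"not a zip archive: {exc}"]

    infos = zf.infolist()
    if len(infos) > MAX_ENTRIES:
        return False, [f"too many entries: {len(infos)} > {MAX_ENTRIES}"]

    budget = MAX_TOTAL_UNCOMPRESSED
    for info in infos:
        if not is_safe_member_name(info.filename):
            problems.append(f"unsafe member name: {info.filename!r}")
            continue
        if info.is_dir():
            continue
        if info.file_size > budget:
            problems.append(f"{info.filename!r}: declared size {info.file_size} "
                            f"exceeds remaining budget {budget}")
            continue
        if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
            problems.append(f"{info.filename!r}: compression ratio "
                            f"{info.file_size / info.compress_size:.0f}:1 exceeds {MAX_RATIO}:1")
            continue
        # Decompress in chunks and count real output; the header is not trusted.
        produced = 0
        with zf.open(info) as fh:
            while True:
                chunk = fh.read(min(CHUNK, budget - produced + 1))
                if not chunk:
                    break
                produced += len(chunk)
                if produced > budget:
                    problems.append(f"{info.filename!r}: decompressed output exceeds budget")
                    break
        budget -= min(produced, budget)
    return not problems, problems


def build_archive(members):
    """Construct an in-memory zip from (name, bytes) pairs (constructed test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members:
            zf.writestr(name, content)   # writestr does not sanitise names, on purpose here
    return buf.getvalue()


if __name__ == "__main__":
    good = build_archive([("config.xml", b"<widget/>"), ("index.html", b"<html></html>")])
    traversal = build_archive([("../../etc/passwd", b"root:x")])
    bomb = build_archive([("zeros.bin", b"\0" * (512 * 1024))])
    for label, blob in (("good", good), ("traversal", traversal), ("bomb", bomb)):
        print(label, inspect_archive(blob))
```

Only an archive for which `inspect_archive` returns `ok` would then be unpacked for signature extraction, and even then the member names are used only after `is_safe_member_name` has accepted them, so nothing in the archive can choose where on the file system it lands.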