[36556] in bugtraq
Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding
daemon@ATHENA.MIT.EDU (David F. Skoll)
Sat Sep 18 03:05:09 2004
Date: Wed, 15 Sep 2004 14:51:06 -0400 (EDT)
From: "David F. Skoll" <dfs@roaringpenguin.com>
To: David Covin <dcovin@nmr.mgh.harvard.edu>
Cc: bugtraq@securityfocus.com
In-Reply-To: <Pine.LNX.4.44.0409151128320.25894-100000@macau.nmr.mgh.harvard.edu>
Message-ID: <Pine.LNX.4.58.0409151448170.6811@shishi.roaringpenguin.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 15 Sep 2004, David Covin wrote:
> Two points:
> It's fair to argue
> that canonicalizing is the more useful policy, but not that it is the
> only secure one.
Fair enough, with the caveat that it's probably easier to canonicalize
than to detect all MIME messages that might possibly be misinterpreted.
> 2. Your logic sounds convincing, but interposing a proxy that
> systematically changes incoming messages raises red flags in my mind.
Indeed.
> Yours is a more sophisticated approach, but I still see the
> potential for strange interactions between the gateway security
> product's MIME implementation and those of sending and receiving
> programs. Have you found this to be a problem, for those who've
> been using this filter?
I have run into some problems, which is why the canonicalization is
disabled by default.
Regards,
David.
