[31854] in bugtraq
RE: base64
daemon@ATHENA.MIT.EDU (Rainer Gerhards)
Fri Sep 26 16:36:12 2003
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Date: Fri, 26 Sep 2003 21:22:52 +0200
Message-ID: <28915501A44DBA4587FE1019D675F983093DB9@grfint.intern.adiscon.com>
From: "Rainer Gerhards" <rgerhards@hq.adiscon.com>
To: "Alun Jones" <alun@texis.com>, <bugtraq@securityfocus.com>
Content-Transfer-Encoding: 8bit
> > Do all this canonicalization before the message hits your
> attachment
> > type policy enforcement and malware scanner, so they only
> have to deal
> > with the common forms that everybody handles the same.
>
> With the obvious disadvantage that we're all reduced to using
> the lowest-common-subset of functionality. Never mind
> inventing or supporting new features, or adding international
> file naming support, in your new email client, because the
> mail server will strip all of that out, anyway. I don't
> think that's an appropriate answer.
I think it is. Traditionally, newer RFCs *extend* existing ones - they
do not break there formats. So properly engineered new functionality
will either a) live within the boundary of an existing protocol or b)
specifiy a new one. In the case of a) canonocalication will do no harm,
in the case of b) it will not be applied as this is a separate protocol.
Rainer
