Re: [Simple] <note> in IMDN
Don't forget the last little bit: not only does it open a vector for
delivering a spam payload, but it has no value in the white hat case.
On May 29, 2008, at 12:41 PM, Dean Willis wrote:
>
> On May 25, 2008, at 7:57 AM, Eric Burger wrote:
>
>> Almost all of the fields in IMDN are verbatim copies of the IM, which
>> means an automaton can filter spoofed IMDNs. Just about all of the
>> fields have some protocol semantic value. However, the <note> field
>> is a spam delivery vector that has no protocol value. That is my
>> issue with it: no value *and* a method to introduce spam. That does
>> not sound like a winning combination.
>
> A lot of the spam on the IETF servers comes from forged "bounce"
> messages. If a message looks like a bounce sent in response to a
> message that might have come from the IETF list, it is very
> difficult to weed out. For example, as sip-owner, I get a couple of
> hundred forged bounce spams a day. Does IMDN share this property? It
> feels to me like it might. Now personally, I wanted IMDN totally
> banned from the deliverables; it has proven to be a nightmare in the
> email world, and I bet it is going to cause us grief. But if we must
> do it, let's make it as safe as possible.
>
> The unconstrained MIME body is a related problem. Since it is there
> in an IMDN, it could be populated with stuff of the sender's choosing.
>
> Much more so than some arbitrary quoted-string in a SIP header, a
> MIME note body (just like a MIME message body) is likely to get
> parsed out and handed over to the OS-registered handler for the
> associated MIME type. Many of those handlers have security flaws.
>
> So are we building an attack vector that can't readily be stopped by
> spam-defense techniques and that is likely to result in malicious
> code execution? Just how smart is that?
>
> --
> Dean
>
>
>
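The filtering automaton Eric describes above, as an added example that is not code from this thread or from any IMDN implementation: it correlates every echoed field of an incoming IMDN with a ledger of IMs the user agent actually sent and never surfaces the <note> element at all, since it carries no protocol value. The element names and the namespace are assumptions taken from my recollection of the IMDN XML format, and the ledger and the three IMDN bodies are constructed sample input.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Assumed IMDN XML namespace; element names below are likewise assumptions.
IMDN_NS = "urn:ietf:params:xml:ns:imdn"


@dataclass(frozen=True)
class SentIM:
    """What the sending UA records for each outgoing IM (constructed)."""
    message_id: str
    recipient_uri: str
    subject: str


# Constructed ledger of IMs this UA really sent, keyed by Message-ID.
SENT_LEDGER = {
    "34jk324j": SentIM("34jk324j", "im:bob@example.com", "Lunch?"),
}


def _text(root, name):
    """Text of the named child element, or None if absent."""
    el = root.find(f"{{{IMDN_NS}}}{name}")
    return (el.text or "").strip() if el is not None else None


def validate_imdn(xml_bytes: bytes, ledger: dict) -> dict:
    """Accept an IMDN only if its echoed fields match an IM we sent.

    Returns {'accept': bool, 'reason': str, 'status': str | None}.
    <note> is deliberately never read: nothing in the result depends on it,
    so a forged IMDN cannot use it to put attacker-chosen text in front of a user.
    """
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return {"accept": False, "reason": f"malformed xml: {exc}", "status": None}
    if root.tag != f"{{{IMDN_NS}}}imdn":
        return {"accept": False, "reason": "not an imdn document", "status": None}

    # 1. The Message-ID must name an IM we actually sent (forged bounces fail here).
    mid = _text(root, "message-id")
    if mid is None or mid not in ledger:
        return {"accept": False, "reason": "unknown message-id", "status": None}
    sent = ledger[mid]

    # 2. Every field that must be a verbatim copy of the IM is compared to the ledger.
    if _text(root, "recipient-uri") != sent.recipient_uri:
        return {"accept": False, "reason": "recipient-uri mismatch", "status": None}
    subject = _text(root, "subject")
    if subject is not None and subject != sent.subject:
        return {"accept": False, "reason": "subject mismatch", "status": None}

    # 3. Extract the one thing with protocol value: the disposition status.
    status = None
    for kind in ("delivery-notification", "display-notification"):
        st = root.find(f"{{{IMDN_NS}}}{kind}/{{{IMDN_NS}}}status")
        if st is not None and len(st):
            status = st[0].tag.split("}")[-1]  # e.g. "delivered", "displayed"
    if status is None:
        return {"accept": False, "reason": "no disposition status", "status": None}
    return {"accept": True, "reason": "fields match sent IM", "status": status}


# Constructed sample IMDN bodies.
GENUINE_IMDN = b"""<?xml version="1.0" encoding="UTF-8"?>
<imdn xmlns="urn:ietf:params:xml:ns:imdn">
  <message-id>34jk324j</message-id>
  <datetime>2008-05-29T12:41:00-05:00</datetime>
  <recipient-uri>im:bob@example.com</recipient-uri>
  <original-recipient-uri>im:bob@example.com</original-recipient-uri>
  <subject>Lunch?</subject>
  <delivery-notification><status><delivered/></status></delivery-notification>
</imdn>"""

# Never sent: an unknown Message-ID carrying unsolicited text in <note>.
FORGED_IMDN = b"""<imdn xmlns="urn:ietf:params:xml:ns:imdn">
  <message-id>not-ours-0001</message-id>
  <recipient-uri>im:bob@example.com</recipient-uri>
  <delivery-notification><status><delivered/></status></delivery-notification>
  <note>unsolicited text the sender wants displayed</note>
</imdn>"""

# A real Message-ID, but the echoed recipient is not who we sent the IM to.
MISMATCHED_IMDN = b"""<imdn xmlns="urn:ietf:params:xml:ns:imdn">
  <message-id>34jk324j</message-id>
  <recipient-uri>im:mallory@example.com</recipient-uri>
  <delivery-notification><status><delivered/></status></delivery-notification>
</imdn>"""

if __name__ == "__main__":
    for label, body in (("genuine", GENUINE_IMDN), ("forged", FORGED_IMDN),
                        ("mismatched", MISMATCHED_IMDN)):
        print(label, validate_imdn(body, SENT_LEDGER))
```

The ledger lookup does the work that spam heuristics cannot: a notification for a Message-ID the UA never issued is rejected before any field, including <note>, is looked at, and an accepted IMDN contributes only its disposition status to the UA's state.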
_______________________________________________
Simple mailing list
Simple at ietf.org
https://www.ietf.org/mailman/listinfo/simple