[Syslog] Change between syslog-protocol 21 and 23 breaks UTF-8 security

To: syslog at ietf.org,chris.newman at sun.com
Subject: [Syslog] Change between syslog-protocol 21 and 23 breaks UTF-8 security
From: Sam Hartman <hartmans-ietf at mit.edu>
Date: Fri, 07 Sep 2007 11:57:33 -0400
Cc: iesg at ietf.org
List-archive: <http://www1.ietf.org/pipermail/syslog>
List-help: <mailto:syslog-request@lists.ietf.org?subject=help>
List-id: Security Issues in Network Event Logging <syslog.lists.ietf.org>
List-post: <mailto:syslog@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/syslog>, <mailto:syslog-request@lists.ietf.org?subject=unsubscribe>
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

Hi, folks.

I think the WG made a mistake trying to address Chris Newman's comment
about Unicode TR36 and made the situation worse.

My understanding of what the WG was trying to do is to require that if
a BOM is present in a string, then the implementation can enforce
strict checks because it knows the message is Unicode and UTF-8.
Without the BOM, there's not a lot you can do. The goal here is to
have consistent and secure internationalization between two new
implementations--that is a sender that includes the BOM and a receiver
that understands it. So, basically the BOM is a signal that "Hi,
there; I'm new and you can trust my i18n to be reasonably well thought
through."
The following change seems to break this.

- If a syslog application is processing a MSG starting with a BOM, then
- it MUST be interpreted as being encoded in UTF-8 for the reasons
- outlined in UNICODE TR36 [UNICODE-TR36], section 3.1. If a syslog
- application does not encode MSG in UTF-8, the string MUST NOT start
- with the Unicode BOM. Guidance about this is given in Appendix A.8.
+ If a syslog application is processing a MSG starting with a BOM, if
+ it contains UTF-8 that is not shortest form it MUST NOT be
+ interpreted as being encoded in UTF-8 for the reasons outlined in
+ [UNICODE-TR36], section 3.1. Guidance about this is given in
+ Appendix A.8.

In particular if you get text from a new implementation that is not
shortest-form, it is an error. You want to throw it away , or do
something else to indicate you have a security problem, not just treat
it as another encoding.

I propose the following text but would be open to alternatives:

If a syslog application is processing a MSG starting with a BOM, if
it contains UTF-8 that is not shortest form it MUST be discarded for the reasons outlined in
[UNICODE-TR36], section 3.1. Guidance about this is given in
Appendix A.8.

_______________________________________________
Syslog mailing list
Syslog at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog

Follow-Ups:
- Re: [Syslog] Change between syslog-protocol 21 and 23 breaks UTF-8 security
  - From: Chris Lonvick

Prev by Date: [Syslog] I-D ACTION:draft-ietf-syslog-protocol-23.txt
Next by Date: [Syslog] Implications of protocol draft changes for tls draft
Previous by thread: [Syslog] I-D ACTION:draft-ietf-syslog-protocol-23.txt
Next by thread: Re: [Syslog] Change between syslog-protocol 21 and 23 breaks UTF-8 security
Index(es):
- Date
- Thread

[Syslog] Change between syslog-protocol 21 and 23 breaks UTF-8 security

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.