John Levine wrote in
 <20250130180421.7c392ba8f...@ary.qy>:
 |It appears that Jim Fenton <fen...@bluepopcorn.net> said:
 |>I’m a little unclear on the need to fully describe the “mutation”
 |>that might be applied by an intermediary. Even if fully described,
 |>you need to have some trust of the intermediary to accept the
 |>mutation, because otherwise you don’t know that the mutation
 |>doesn’t contain harmful/unwanted content (barring some magic AI
 |>thing perhaps).
 |
 |I think the idea is that malicious mutations are likely to be rare,
I personally still have no idea how to decode this thread. I mean, yes, there is a security implication insofar as a malicious party could (speaking of DKIMACDC and the BSDiff algorithm) create a malicious undiff instruction set.

The bsdipa code uses all conceivable tests (anything else would be a bug, and reports are very much appreciated). It is expected to be driven the way the Perl module does it (BsDiPa it had to be named), and that means that

- first the header is decompressed and "verified" (patch_parse_header()); thereafter you know the values in there are "sane", and that the result will fit in the ~31-bit memory limit. (For email you could, if you drive it directly, enforce some upper memory limit, i.e. one that relates to your allowed maximum email size, by looking at the content of the parsed header, likely s_bsdipa_header::h_before_len; hmm, maybe the Perl module should offer the possibility to specify an optional limit!)

- next the decompressed data is parsed with patch(), which verifies each and every step (the original FreeBSD variant still has a security attack vector; I then created issue 284472 for that) in order to avoid bad memory accesses etc.

So then you have the restored content, whatever that is. If DKIM signature verification on that restored data is successful, there is nothing that can be done about that.

 |and as a first
 |approximation you can accept them all, and block the sources of malicious
 |ones.
 |
 |This is way better than ARC for small systems since doing a malicious but
 |reversible mutation is going to be harder than just slapping on a few fake
 |ARC headers.

That. *Oh yeah*. (That is a song from Yello, mind you; from Stella, which also has "Vicious Games", but as Europeans we of course love "Desire". (Unless I am mistaken.))

 |I agree with Murray that this is something to deal with in the WG,
 |not in the charter.
--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
|
|In Fall and Winter, feel "The Dropbear Bard"s pint(er).
|
|The banded bear
|without a care,
|Banged on himself for e'er and e'er
|
|Farewell, dear collar bear

_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
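The two-stage flow the message above describes (verify the decompressed header first, bound the result size by policy, then have the patch step check every instruction before it touches memory), as an added example in C. This is not bsdipa's code: the header and control layout, the toy_* function names, the 1 MiB policy limit and the sample patch bytes are all invented for this illustration; the library's patch_parse_header()/patch() and s_bsdipa_header::h_before_len mentioned in the mail are only the inspiration.

```c
/* Added example, not bsdipa's code: a toy BSDiff-style "undiff" interpreter
 * that parses its header first, applies a caller-supplied size limit, and
 * then bounds-checks every control step.  Header layout, control layout and
 * function names are invented for this illustration. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

enum toy_status { TOY_OK = 0, TOY_ERR_HEADER, TOY_ERR_LIMIT, TOY_ERR_BOUNDS,
                  TOY_ERR_TRAILING }; /* bad header / too big / step out of range / leftover data */

struct toy_header { uint32_t new_len, ctrl_count, diff_len, extra_len; };

static uint32_t rd_u32(const uint8_t *p)
{ return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }

/* Stage 1: header only.  max_new is policy (for mail: the largest message you
 * would accept), checked before any buffer is ever sized from the header. */
enum toy_status toy_parse_header(const uint8_t *patch, size_t patch_len,
                                 size_t max_new, struct toy_header *h)
{
    if (patch_len < 16) return TOY_ERR_HEADER;
    h->new_len    = rd_u32(patch);
    h->ctrl_count = rd_u32(patch + 4);
    h->diff_len   = rd_u32(patch + 8);
    h->extra_len  = rd_u32(patch + 12);
    if (h->new_len > (uint32_t)INT32_MAX || h->new_len > max_new) return TOY_ERR_LIMIT;
    /* 64-bit arithmetic so a hostile ctrl_count cannot wrap the size sum. */
    uint64_t need = 16 + (uint64_t)h->ctrl_count * 12 + h->diff_len + h->extra_len;
    return need == patch_len ? TOY_OK : TOY_ERR_HEADER;
}

/* Stage 2: run the control stream (add, copy, seek per entry), refusing any
 * step that would leave the old buffer, the output, or the diff/extra blocks. */
enum toy_status toy_apply(const uint8_t *old, size_t old_len,
                          const uint8_t *patch, size_t patch_len,
                          size_t max_new, uint8_t *out, size_t out_cap)
{
    struct toy_header h;
    enum toy_status st = toy_parse_header(patch, patch_len, max_new, &h);
    if (st != TOY_OK) return st;
    if (out_cap < h.new_len) return TOY_ERR_LIMIT;

    const uint8_t *ctrl  = patch + 16;
    const uint8_t *diff  = ctrl + (size_t)h.ctrl_count * 12;
    const uint8_t *extra = diff + h.diff_len;
    int64_t oldpos = 0, newpos = 0, diffpos = 0, extrapos = 0;

    for (uint32_t i = 0; i < h.ctrl_count; i++, ctrl += 12) {
        int64_t add  = (int32_t)rd_u32(ctrl);
        int64_t copy = (int32_t)rd_u32(ctrl + 4);
        int64_t seek = (int32_t)rd_u32(ctrl + 8);
        if (add < 0 || copy < 0) return TOY_ERR_BOUNDS;
        /* add: out[k] = old[k] + diff[k]; the whole window must lie inside old */
        if (newpos + add > h.new_len || diffpos + add > h.diff_len ||
            oldpos + add > (int64_t)old_len) return TOY_ERR_BOUNDS;
        for (int64_t k = 0; k < add; k++)
            out[newpos + k] = (uint8_t)(old[oldpos + k] + diff[diffpos + k]);
        newpos += add; diffpos += add; oldpos += add;
        /* copy: literal bytes from the extra block */
        if (newpos + copy > h.new_len || extrapos + copy > h.extra_len) return TOY_ERR_BOUNDS;
        memcpy(out + newpos, extra + extrapos, (size_t)copy);
        newpos += copy; extrapos += copy;
        /* seek: may go backwards, but must stay within [0, old_len] */
        oldpos += seek;
        if (oldpos < 0 || oldpos > (int64_t)old_len) return TOY_ERR_BOUNDS;
    }
    /* Everything the header announced must have been produced and consumed. */
    if (newpos != h.new_len || diffpos != h.diff_len || extrapos != h.extra_len)
        return TOY_ERR_TRAILING;
    return TOY_OK;
}

/* Constructed sample input: old "abcdef" -> new "abXdefZZ", two control entries. */
static const uint8_t DEMO_OLD[] = "abcdef";
static const uint8_t DEMO_PATCH[48] = {
    8,0,0,0,  2,0,0,0,  5,0,0,0,  3,0,0,0,   /* new_len 8, 2 ctrl, 5 diff, 3 extra */
    2,0,0,0,  1,0,0,0,  1,0,0,0,             /* add 2 ("ab"), copy 1 ("X"), seek +1 */
    3,0,0,0,  2,0,0,0,  0,0,0,0,             /* add 3 ("def"), copy 2 ("ZZ"), seek 0 */
    0,0,0,0,0,                               /* diff block: no byte changes */
    'X','Z','Z'                              /* extra block */
};

/* Apply an (optionally tampered) copy of the demo patch against DEMO_OLD with a
 * 1 MiB policy limit (assumed); returns the status, restored bytes land in out. */
enum toy_status demo_apply(const uint8_t *patch, size_t patch_len,
                           uint8_t *out, size_t out_cap)
{
    return toy_apply(DEMO_OLD, sizeof DEMO_OLD - 1, patch, patch_len,
                     (size_t)1 << 20, out, out_cap);
}

int main(void)
{
    uint8_t out[16], bad[sizeof DEMO_PATCH];
    enum toy_status st = demo_apply(DEMO_PATCH, sizeof DEMO_PATCH, out, sizeof out);
    printf("genuine patch: status %d, restored \"%.8s\"\n", (int)st, out);
    memcpy(bad, DEMO_PATCH, sizeof bad);
    bad[24] = 0xfd; bad[25] = bad[26] = bad[27] = 0xff;   /* seek -3: oldpos would become -1 */
    printf("tampered seek: status %d\n", (int)demo_apply(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

The point of the layering is that a hostile "undiff instruction set" becomes a parse error rather than an out-of-bounds access: the size limit is enforced on the header alone before any output buffer exists, and each add/copy/seek is checked against both the header's totals and the real buffer lengths. One deliberate design choice: this toy requires the whole add window to lie inside the old data, which is stricter than the classic reference bspatch (that code silently skips old bytes outside the range instead of rejecting the step). As the mail says, once the restored bytes verify under DKIM, that is the end of the story.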