[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have

To: Simon Josefsson <simon@xxxxxxxxxxxxx>
Subject: Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
From: Hallvard B Furuseth <h.b.furuseth@xxxxxxxxxxx>
Date: Wed, 12 Mar 2008 10:12:57 +0100
Cc: Chris Newman <Chris.Newman@xxxxxxx>, Kurt Zeilenga <Kurt.Zeilenga@xxxxxxxxx>, ietf-sasl@xxxxxxx
In-reply-to: <87iqztjjai.fsf@xxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-sasl/mail-archive/>
List-id: <ietf-sasl.imc.org>
List-unsubscribe: <mailto:ietf-sasl-request@imc.org?body=unsubscribe>
References: <9C18D563-B86C-4ED8-8312-F22578A11E63@xxxxxxxxx> <> <hbf.20080311nead@xxxxxxxxxxxxx> <87iqztjjai.fsf@xxxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-sasl@xxxxxxxxxxxx

Simon Josefsson writes:
>Hallvard B Furuseth <h.b.furuseth@xxxxxxxxxxx> writes:
>> I don't get this.  SASL is not a protocol.  If a textual protocol _uses_
>> SASL, it must turn SASL blobs into text - e.g. by base64-encoding them.
> (...)
> Hex encoding the data as well doesn't cost much, and allows for simpler
> string handling in some programming languages.

Programs that treat SASL blobs as text are broken and possibly a
security hazard.  At least unless they check the syntax first.
(For C, that the blob contains no '\0'.)

-- 
Hallvard

Follow-Ups:
- Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
  - From: Simon Josefsson

References:
- Clarifying the qualities we desire the DIGEST-MD5 replacement to have
  - From: Kurt Zeilenga
- Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
  - From: Chris Newman
- Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
  - From: Hallvard B Furuseth
- Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
  - From: Simon Josefsson

Prev by Date: Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
Next by Date: Re: Digest-MD5 to Historic
Previous by thread: Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
Next by thread: Re: Clarifying the qualities we desire the DIGEST-MD5 replacement to have
Index(es):
- Date
- Thread