Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue

[Borja Marcos <borjam@xxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> 2. Your logic sounds convincing, but interposing a proxy that
> systematically changes incoming messages raises red flags in my mind.

        Digital signatures would not work, obviously.

	However, which is the reason to keep a malformed message? It's like 
the stupid thing antivirus software does, "cleaning" infected messages 
which have obviously *not* sent by the computer's owner. In the case of 
the Sircam virus, AV software failed catastrophically, not discarding 
thousands of messages with confidential documents sent without the 
knowledge of their owners, not to talk about the extremely useful 
notifications sent by those amazingly clever pieces of cr... errr, 
software.

	If someone builds faulty software which generates bad MIME headers, 
such messages should be treated as hostile messages and dropped. 
Period. What happened when Microsoft tried to make Windows 
"intelligent" so that an executable "wrongly" labelled with an audio 
MIME type it would be correctly "opened" (I mean, executed)?

	By trying to make poor programmers' life easier, we make our own lives 
harder. So, the only secure way to deal with a corrupt message is to 
drop it. Period.



        Borja.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFBStPEULpVo4XWgJ8RAiAYAKCU/iZrJdYW/j4OafV8VRwVZGKT8gCdHmhv
AFNM8MrITjWR1d7HaXajcJo=
=iVnR
-----END PGP SIGNATURE-----