Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue
On Wed, 15 Sep 2004, David Covin wrote:
> Two points:
> It's fair to argue
> that canonicalizing is the more useful policy, but not that it is the
> only secure one.
Fair enough, with the caveat that it's probably easier to canonicalize
than to detect all MIME messages that might possibly be misinterpreted.
> 2. Your logic sounds convincing, but interposing a proxy that
> systematically changes incoming messages raises red flags in my mind.
Indeed.
> Yours is a more sophisticated approach, but I still see the
> potential for strange interactions between the gateway security
> product's MIME implementation and those of sending and receiving
> programs. Have you found this to be a problem, for those who've
> been using this filter?
I have run into some problems, which is why the canonicalization is
disabled by default.
Regards,
David.