SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    Re: iSCSI: Text request/response spanning - security issue?



    Excerpt of message (sent 29 March 2002) by John Hufferd:
    > 
    > Before we run off to far in this direction, ....
    > 
    > Each Key of the Key=value pairs, supplies enough information to understand
    > the Max length of the value that follows.  The length permitted by each
    > keyword that is supported, should  be enough to define the approprate
    > length for any key=value pair.  I think that the implementation can
    > determine the Max amount of buffer it needs by computing the Max size based
    > on the keywords supported.
    
    Maybe not if you want to be picky.  Is there a limit on the number of
    leading zeroes that a numeric value may have?  I suppose a way to
    handle that is "a receiver is not required to accept values other than
    zero that begin with 0".
     
    > I think the item that got us into the Multi PDU  spanning of a key=value is
    > the Certificates associated with authentication.  So depending on the type
    > of Authentication supported, and the Max size of Certificates supported,
    > you can compute the Max size of the total key=value buffer needed.
    
    From what I remember about certificates, it isn't easy -- or even
    feasible -- to specify a sensible upper bound on their size.
    Especially as people start putting more and more crud into
    certificates.
     
    > I do not see anything broken here.  Hence, I do not think a fix is needed.
    
    Let's make sure that we can indeed specify an upper bound on each
    value for each key -- and document in the spec what that limit is.  If
    that can be done then indeed we're done.
    
    (I wouldn't worry about X-foo keys; if you don't support them then it
    doesn't matter how long they are, and if you do support a particular
    one, then it's up to the spec of that specific key to bound its size.)
    
         paul
    
    


Home

Last updated: Sat Mar 30 18:18:19 2002
9397 messages in chronological order