On "max. tag nesting depth" in the Kolab-Format spec

Georg C. F. Greve greve at kolabsys.com
Fri Jul 15 10:37:33 CEST 2011


Hi Florian,

Just very briefly, I will come back to kolab-format@ with a bit more time in 
the next weeks, but I think some more work needs to be done on showing the 
rationale for a hard-coded nesting depth limit:


On Friday 15 July 2011 10.12:49 Florian v. Samson wrote:
> In short: Why not?

	"640K ought to be enough for anybody."

There is an inherent problem with foreseeing absolute numbers and limits in 
computing, and changing this later if/when we hit that barrier will be very 
expensive for all clients.


> You have not argued against any of the dangers I pointed out:

The threat scenario so far seems based on a malicious user that deliberately 
tries to destroy data. This is a scenario that is almost impossible to protect 
against in the end, and nesting bombs are a lot more complex as an attack than 
currently existing attack vectors which we realistically cannot prevent.

Best regards,
Georg


-- 
Georg C. F. Greve
Chief Executive Officer

Kolab Systems AG
Zürich, Switzerland

e: greve at kolabsys.com
t: +41 78 904 43 33
w: http://kolabsys.com

pgp: 86574ACA Georg C. F. Greve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 308 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.kolab.org/pipermail/format/attachments/20110715/5af509c6/attachment.sig>


More information about the format mailing list