On "max. tag nesting depth" in the Kolab-Format spec
Georg C. F. Greve
greve at kolabsys.com
Fri Jul 15 10:37:33 CEST 2011
Hi Florian,
Just very briefly, I will come back to kolab-format@ with a bit more time in
the next weeks, but I think some more work needs to be done on showing the
rationale for a hard-coded nesting depth limit:
On Friday 15 July 2011 10.12:49 Florian v. Samson wrote:
> In short: Why not?
"640K ought to be enough for anybody."
There is an inherent problem with foreseeing absolute numbers and limits in
computing, and changing this later if/when we hit that barrier will be very
expensive for all clients.
> You have not argued against any of the dangers I pointed out:
The threat scenario so far seems based on a malicious user that deliberately
tries to destroy data. This is a scenario that is almost impossible to protect
against in the end, and nesting bombs are a lot more complex as an attack than
currently existing attack vectors which we realistically cannot prevent.
Best regards,
Georg
--
Georg C. F. Greve
Chief Executive Officer
Kolab Systems AG
Zürich, Switzerland
e: greve at kolabsys.com
t: +41 78 904 43 33
w: http://kolabsys.com
pgp: 86574ACA Georg C. F. Greve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 308 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.kolab.org/pipermail/format/attachments/20110715/5af509c6/attachment.sig>
More information about the format
mailing list