On 10/18/2017 11:51 AM, Dimitri Maziuk wrote:
> Like tnеtсоnsulting.nеt being a benign minor encoding change in a couple
> of characters?
No. That is not a simple content encoding change. Content (re)encoding
changes the representation of the same encoded data.
<е> 1077, Hex 0435, Octal 2065 != <e> 101, Hex 65, Octal 145
<с> 1089, Hex 0441, Octal 2101 != <c> 99, Hex 63, Octal 143
<о> 1086, Hex 043e, Octal 2076 != <o> 111, Hex 6f, Octal 157
An MTA changing the encoding method of data to / from: base 64 /
quoted-printable / 8-bit, is distinctly different than what you have
done, which is changing actual encoded data.
The (decimal) number 17 can be encoded multiple ways:
10001 = binary base 2
25 = hex base 6
21 = octal base 8
17 = decimal base 10
11 = hexadecimal base 16
All five encoded numbers represent the same value (decimal) 17.
What you have done (in the spirit of a white hat) is actually a
homograph attack. Something quite different from simple encoding
differences.
Quite similar to a computer seeing the following three characters as
quite distinctly different things, each with different computational
meanings.
0
O
o
> Just because the authors of the RFC have also chosen to stick the square
> peg in the round hole doesn't make the hole any less round, nor the peg
> any less square.
Fair.
> Somewhere I've a 10-year old e-mail from Whit Diffie explaining how SSL
> was a PR solution to a marketing problem. So this kind of
> problem-finding and problem-solving has made it to SMTP RFCs now, colour me
> shocked.
I'd be curious to read said email, if it's convenient to dig up.
--
Grant. . . .
unix || die
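
An added example, not part of the original message or of Mailman: it contrasts a content transfer re-encoding (base64, quoted-printable, 8-bit), which decodes back to the same text, with the look-alike spelling quoted above, which is different data. The function names are hypothetical, and the script check is a simple heuristic based on Unicode character names.

```python
import base64
import quopri
import unicodedata

# Constructed sample: the two spellings from the message, with the Cyrillic
# letters written as escapes so the differing code points are visible.
ASCII_NAME = "tnetconsulting.net"
LOOKALIKE = "tn\u0435t\u0441\u043ensulting.n\u0435t"


def transfer_round_trip(text):
    """Re-encode text the way an MTA may and return each decoded result."""
    raw = text.encode("utf-8")
    return {
        "base64": base64.b64decode(base64.b64encode(raw)).decode("utf-8"),
        "quoted-printable": quopri.decodestring(
            quopri.encodestring(raw)).decode("utf-8"),
        "8bit": raw.decode("utf-8"),
    }


def differing_code_points(a, b):
    """List (index, code point in a, code point in b) wherever a and b differ."""
    return [(i, f"U+{ord(x):04X}", f"U+{ord(y):04X}")
            for i, (x, y) in enumerate(zip(a, b)) if x != y]


def scripts_in(label):
    """Heuristic: script = first word of each letter's Unicode character name."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def mixed_script_labels(domain):
    """Return the DNS labels that mix letters from more than one script."""
    return [lab for lab in domain.split(".") if len(scripts_in(lab)) > 1]


if __name__ == "__main__":
    # Transfer encoding changes the bytes on the wire, never the text itself.
    for name, decoded in transfer_round_trip(LOOKALIKE).items():
        print(f"{name:17} round-trips unchanged: {decoded == LOOKALIKE}")
    # The look-alike is different data: four code points differ.
    for diff in differing_code_points(ASCII_NAME, LOOKALIKE):
        print("differs at index %d: %s vs %s" % diff)
    print("mixed-script labels:", mixed_script_labels(LOOKALIKE))
```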