Fwd: Problems sending mail from .mumble
I was asked to forward this to the list by Eric:
Date: Sun, 13 Apr 2008 10:27:40 -0700 From: Eric Brunner-Williams <ebw@abenaki.wabanaki.net> User-Agent: Thunderbird 2.0.0.12 (Macintosh/20080213) MIME-Version: 1.0 To: nanog@merit.edu Subject: Problems sending mail from .mumble Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit
Howdy folks,
This isn't as much fun as tracking ships, but at Friday's meeting of ICANN's GNSO Council (think "Hairspray") and ICANN staff on the process for new gTLDs, the issue of file suffixes as proposed strings came up.
Obviously the people who thought of wildcards (Sitefinder) didn't think through the full joy of the consequences.
So this is (yet another) fishing expidition -- as MIME types are a handy list, if any of those strings were present in a header, as in mail-from-foo@bar.MIME-TYPE, would any well-known thingee choke?
Clues on a clue-by-four.
I'll summarize replies off-list (unless requested otherwise) and Thanks in Advance, Eric
-- -Barry Shein The World | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD | Login: Nationwide Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
On Sun, 13 Apr 2008 17:50:25 EDT, Barry Shein said:
So this is (yet another) fishing expidition -- as MIME types are a handy list, if any of those strings were present in a header, as in mail-from-foo@bar.MIME-TYPE, would any well-known thingee choke?
As a practical matter, 'bar.mime-type' had better be a proper DNS entry, or a lot of places that do a "is the address at least putatively returnable?" test (which *should* be essentially 100% - does anybody *not* check this?), they will find it won't go very far. As a second practical matter, I suspect that all the places that have already decided that '*.biz' is a cesspool will be even more dubious accepting mail from 'foo@bar.application.octet-stream'. I'm still trying to figure out if this was for real, or if it was intended to be posted 2 weeks ago and ICANN bureaucracy delayed it... ;)
On Mon, Apr 14, 2008 at 11:17 AM, <Valdis.Kletnieks@vt.edu> wrote:
On Sun, 13 Apr 2008 17:50:25 EDT, Barry Shein said:
So this is (yet another) fishing expidition -- as MIME types are a handy list, if any of those strings were present in a header, as in mail-from-foo@bar.MIME-TYPE, would any well-known thingee choke?
As a practical matter, 'bar.mime-type' had better be a proper DNS entry, or a lot of places that do a "is the address at least putatively returnable?" test (which *should* be essentially 100% - does anybody *not* check this?), they will find it won't go very far.
It's got some interesting implications if it's: domain.exe ... 'did you mean to go to domain.exe or execute domain.exe or display domain.pdf ?' the UI folks will have a headache with that I bet... I could see a rule set (simplified) like: 1) if -f domain.exe && -x domain.exe ; then exec(domain.exe) 2) if ! -f domain.exe ; then openlocation(domain.exe) that would be fun in the world of site-finder, eh? I wonder what word or excel or '$application' does with a random blob of html foo shoved down it's throat?? Is it still the case that folks thinking about site-finder believe 'all the world is a web-browser' ??? Seriously?
As a second practical matter, I suspect that all the places that have already decided that '*.biz' is a cesspool will be even more dubious accepting mail from 'foo@bar.application.octet-stream'.
and here I took the 'bar.mime-type' to be: domain.exe or domain.mp3 or domain.pdf ... Barry, which do you mean? (or which did Eric mean)
(monday morning list address probs,sorry) ---------- Forwarded message ---------- From: Christopher Morrow <christopher.morrow@gmail.com> Date: Mon, Apr 14, 2008 at 1:21 PM Subject: Re: Fwd: Problems sending mail from .mumble To: Valdis.Kletnieks@vt.edu Cc: Barry Shein <bzs@world.std.com>, nanog@merit.edu, ebw@abenaki.wabanaki.net On Mon, Apr 14, 2008 at 11:17 AM, <Valdis.Kletnieks@vt.edu> wrote:
On Sun, 13 Apr 2008 17:50:25 EDT, Barry Shein said:
So this is (yet another) fishing expidition -- as MIME types are a handy list, if any of those strings were present in a header, as in mail-from-foo@bar.MIME-TYPE, would any well-known thingee choke?
As a practical matter, 'bar.mime-type' had better be a proper DNS entry, or a lot of places that do a "is the address at least putatively returnable?" test (which *should* be essentially 100% - does anybody *not* check this?), they will find it won't go very far.
It's got some interesting implications if it's: domain.exe ... 'did you mean to go to domain.exe or execute domain.exe or display domain.pdf ?' the UI folks will have a headache with that I bet... I could see a rule set (simplified) like: 1) if -f domain.exe && -x domain.exe ; then exec(domain.exe) 2) if ! -f domain.exe ; then openlocation(domain.exe) that would be fun in the world of site-finder, eh? I wonder what word or excel or '$application' does with a random blob of html foo shoved down it's throat?? Is it still the case that folks thinking about site-finder believe 'all the world is a web-browser' ??? Seriously?
As a second practical matter, I suspect that all the places that
have already
decided that '*.biz' is a cesspool will be even more dubious accepting mail from 'foo@bar.application.octet-stream'.
and here I took the 'bar.mime-type' to be: domain.exe or domain.mp3 or domain.pdf ... Barry, which do you mean? (or which did Eric mean)
Christopher Morrow wrote:
and here I took the 'bar.mime-type' to be: domain.exe or domain.mp3 or domain.pdf ... Barry, which do you mean? (or which did Eric mean)
Yup. Infix dots pretty much means the whole label isn't in the DNS root.
It's got some interesting implications if it's: domain.exe ... 'did you mean to go to domain.exe or execute domain.exe or display domain.pdf ?' the UI folks will have a headache with that I bet... I could see a rule set (simplified) like:
1) if -f domain.exe && -x domain.exe ; then exec(domain.exe) 2) if ! -f domain.exe ; then openlocation(domain.exe)
Do UI folks today have trouble with: domain.com domain.pl domain.ps domain.sh etc.? Is there an application that treats a local file specifier and a host specifier indistinguishably? If so, how does it deal with strings (like those I listed above) that could potentially be executables as well as domain names? Thanks, -drc
On Mon, Apr 14, 2008 at 3:35 PM, David Conrad <drc@virtualized.org> wrote:
It's got some interesting implications if it's: domain.exe ... 'did you mean to go to domain.exe or execute domain.exe or display domain.pdf ?' the UI folks will have a headache with that I bet... I could see a rule set (simplified) like:
1) if -f domain.exe && -x domain.exe ; then exec(domain.exe) 2) if ! -f domain.exe ; then openlocation(domain.exe)
Do UI folks today have trouble with:
domain.com domain.pl domain.ps domain.sh etc.?
Is there an application that treats a local file specifier and a host specifier indistinguishably? If so, how does it deal with strings (like those I listed above) that could potentially be executables as well as domain names?
see previous 'not been using dos in a while ,doh!' sorry :( I suspect .pl/.sh/.ps things are not normal user-application things (not windows things) so perhaps these are handled sanely. Or maybe there aren't reasons to look for this sort of thing over a network today so the problem doesn't exist? I know that in some applications (php things) you can open() a file or a 'url', maybe these things do something sane already? or maybe it's a corner case that doesnt' get tickled today with .exe or .gif ? Still, is all the world a web-browser?? (displaying 'web content' to things not web-browsers has already been proven to be a bad plan) -Chris
On Mon, 14 Apr 2008 22:35:47 +0300, David Conrad said:
Is there an application that treats a local file specifier and a host specifier indistinguishably?
If there's a software program out there currently that manages to conflate the right-hand side of an e-mail address and a MIME type, it probably deserves to lose. By the same token, anybody advocating such conflation probably deserves to lose as well...
or... domain.mx --bill On Mon, Apr 14, 2008 at 10:35:47PM +0300, David Conrad wrote:
It's got some interesting implications if it's: domain.exe ... 'did you mean to go to domain.exe or execute domain.exe or display domain.pdf ?' the UI folks will have a headache with that I bet... I could see a rule set (simplified) like:
1) if -f domain.exe && -x domain.exe ; then exec(domain.exe) 2) if ! -f domain.exe ; then openlocation(domain.exe)
Do UI folks today have trouble with:
domain.com domain.pl domain.ps domain.sh etc.?
Is there an application that treats a local file specifier and a host specifier indistinguishably? If so, how does it deal with strings (like those I listed above) that could potentially be executables as well as domain names?
Thanks, -drc
Is there an application that treats a local file specifier and a host specifier indistinguishably? If so, how does it deal with strings (like those I listed above) that could potentially be executables as well as domain names?
Looking at the 2007 DITL data (traces from DNS roots) its interesting to see traffic for invalid TLDs that look just like filename extensions. For example: % of all TLD/ Queries extension ---------- ----------- 0.182 txt 0.055 htm 0.051 c 0.049 lib 0.041 jpg 0.026 gif 0.012 html 0.011 php 0.005 exe (Note, those really are percentages.) I have no idea what applications are behind them, but it indicates that there is software out there that has a hard time telling the difference between a filename and a hostname. Or maybe its (ab)using the DNS to help make the decision. FWIW I was able to find one application, the text browser 'links,' which accepts either filename or hostnames as its commandline argument. From what I can tell its algorithm is something like this: - if tld/extension has two letters --> URL - if less than two letters --> File - if tld/extension is in list of known gTLDs --> URL - else --> File DW
On 2008-04-14, Christopher Morrow <christopher.morrow@gmail.com> wrote:
It's got some interesting implications if it's: domain.exe ... 'did you mean to go to domain.exe or execute domain.exe or display domain.pdf ?' the UI folks will have a headache with that I bet... I could see a rule set (simplified) like:
It doesn't seem to be a big problem for .com...
On Mon, Apr 14, 2008 at 3:05 PM, Stuart Henderson <stu@spacehopper.org> wrote:
On 2008-04-14, Christopher Morrow <christopher.morrow@gmail.com> wrote:
It's got some interesting implications if it's: domain.exe ... 'did you mean to go to domain.exe or execute domain.exe or display domain.pdf ?' the UI folks will have a headache with that I bet... I could see a rule set (simplified) like:
It doesn't seem to be a big problem for .com...
oh I've been away from dos for too long (not long enough??)... so sure maybe this isn't a problem :) or maybe the load from .com-ish things isn't enough to notice? -Chris
participants (9)
-
Barry Shein -
bmanning@vacation.karoshi.com -
Christopher Morrow -
Christopher Morrow -
David Conrad -
Duane Wessels -
Eric Brunner-Williams -
Stuart Henderson -
Valdis.Kletnieks@vt.edu