This is a presentation I did years ago, but I heard that there are still people using it as a reference. So here it is, slightly cleaned up. If you are writing systems that process email addresses in some form or another, you might want to read this.
RfC2822 for Mere Mortals
1. What's in an Email Address?
RFC2822 Em@il @ddresses for Mere Mortals
Schalk W. Cronjé
@ysb33r
2. Why This Topic?
● Recurring bugs in software we build
● Lack of understanding at all levels
– Developers
– Testers
– Support People
● Assumptions made, without reading RFCs
● Understanding RFCs is not straightforward
– RTFM is difficult when TFM cannot be found
● We require a basic reference
3. Content
● Overview
● Local-part
● Domain-part
● Valid or not?
● The real world
4. Brave, brave RFC World
● RFC1034, RFC1035: Domain name specification.
● RFC821, RFC2821: Restrictions on email addresses at protocol levels.
● RFC822, RFC2822: Specifies layout of email transmitted over internet. Specifies format of email address.
● RFC2047: Encoding of 8-bit in RFC2822 header fields
● RFC3490: Encoding international domain names
● RFC1123 (partially updated by RFC2821): Requirements for internet hosts
5. Address Format
Modern format
local-part @ domain-part
Historic format (RFC821/RFC2821)
source-route : local-part @ domain-part
6. RFC2822 Local Parts
● Unrestricted characters
0..9 a..z A..Z ! # $ % & ' * + - / = ? ^ _ ` | { } ~ .
● Quotable characters (quoted by “ )
< [ ( : @ ; ) ] > , non-ws-ctrl
● Illegal characters
All 8-bit.
● Whitespace
ws-ctrl illegal, only used for folding in headers
space character is valid if quoted
[ RFC2821: 4.1.2; RFC2822: 3.2, 3.4 ]
7. Local Payload
● Routing characters
– ! % have been used for local-routing in legacy
systems, including UUCP and MHS.
– Can be used to bypass routing in mis-configured
systems.
● Shell exploits
– | / ` $ have been used to attempt remote
command execution
8. Does Case Matter?
● Case is ignored in domain
ntaba.biz == ntaba.biz
● Strictly-speaking case matters in local-parts
schalk@ntaba.biz != ScHaLk@ntaba.biz
– Most MTAs ignore case
– RFC2821 discourages use of case as a
distinguishing factor
[ RFC2821: 2.4 ]
9. Does Size Matter?
● RFC2821 places limitations on length of local-part and
domain-part
– 64 characters for local-part
– 255 characters for domain-part
● This is normally not a problem for messages
transmitted across the internet, but can be problematic
for in-house applications or encoded email addresses
such as X.400.
● Many MTAs will now ignore this length restriction as
long as the overall SMTP protocol line length restriction
is not exceeded.
[ RFC2821: 4.5.3.1 ]
10. Domain Parts
● Can either be a RFC1035 domain or an address literal
● Valid characters for domain names:
a..z A..Z 0..9 -
● Subdomains separated by dot character.
● Subdomain may not start or end with dash.
● 255 characters max length.
● 63 characters max per subdomain.
● Cannot start or end in dot.
● Restriction on subdomains starting with a digit has been
relaxed.
11. Address Literals
● Workarounds for when host names cannot
be resolved.
– @[protocol:host-address]
– IPv4: @[192.1.1.1]
– IPv6: @[IPv6:fe80::a00:20ff:fec2:2ef4]
● Protocol must be registered with ICANN.
[ RFC2821: 4.1.3 ]
12. International Domain Names
● Domain names not representable in US-ASCII
can be registered
● Such domain names cannot be handled by
DNS or existing protocols
● RFC 3490 describes the encoding/decoding
of such domain names from presentation to
protocol:
exämple.com => xn--example-cua.com
● Potential for phishing
13. Valid or not?
schalk_cronje@ntaba.biz
● Valid even under strict RFC2822
interpretation
● Most punctuation is valid in local part,
including:
{$cha?k*cr%nje}@ntaba.biz
14. Valid or not?
schalk_cronje@[192.168.1.1]
● Yes, the domain part is an address-literal
● Acceptance of address-literals should be
configurable
– They can be security risks
– RFC2821 prefers usage of MX-based deliveries.
15. Valid or not?
schalk_cronje@192.168.1.1
● No, it is neither an address-literal nor a valid
domain name.
● Some systems will attempt to deliver this by
passing the 192.168.1.1 to the domain
resolving subsystem, which in return will
simply return the IP address.
– This violates RFC1123
– This is a potential security risk.
[ RFC1123: 2.1 ]
16. Valid or not?
schalk_cronje@1967.com
● Not valid according to RFC1035
● Limitation lifted in RFC1123.
[ RFC1123: 2.1 ]
17. Valid or not?
schalk_cronje@#192168
● Valid in RFC821 for compatibility with
non-TCP/IP networks.
● Outlawed by RFC2821.
● Not supported by any modern MTA.
[ RFC821: 4.1.2; RFC2821: F.4 ]
18. Valid or not?
schalk_cronje@.ntaba.biz
● No, domain-part may not start with a dot.
[ RFC2822: 3.2.4 ]
19. Valid or not?
schalk_cronje@ntaba.biz.
● No, strictly RFC2822 states that domain-part
may not end with a dot.
● RFC1034 uses the dot-ending to indicate
absolute domains (FQDN) in resource
records.
● Most systems will accept, resolve and deliver
this
[ RFC2822: 3.2.4; RFC1034: 3.1]
20. Valid or not?
schalk_cronje@ntaba..biz.
● No, consecutive dots are not allowed in
domain parts.
[ RFC2822: 3.2.4; RFC1034: 3.1]
21. Valid or not?
● No.
.schalk_cronje@ntaba.biz
schalk..cronje@ntaba.biz
– Local-parts may not start with a dot.
– Consecutive dots are not allowed in local parts.
● Pragmatically, many known MTAs don’t care
[ RFC2822: 3.2.4]
22. Valid or not?
schalk_cronje@lon_eng.ntaba.biz
● No, _ is not valid in domain names
● Some DNS servers will support this.
● Some sites do use the _ for internal systems.
● It remains illegal for internet operations
[ RFC2821: 4.1.3 ]
23. Valid or not?
schalk_cronje@lon_eng@ntaba.biz
● No, @ cannot be used unquoted in local
parts
“schalk_cronje@lon_eng”@ntaba.biz
schalk_cronje\@lon_eng@ntaba.biz
[ RFC2822: 3.2.5, 3.4 ]
24. Local-part Quoting
● Quoting should only be used where
absolutely necessary
● Where a quoted-form has an unquoted
form...
– The two forms are equivalent
– The unquoted form should be used for
transmission
● Quoting is performed by enclosing local-part
in quotes or preceding a character by
backslash.
[ RFC2821: 4.1.2 ]
25. Valid or not?
<schalk_cronje@ntaba.biz>
● No, this is an envelope for email addresses
● The following is valid:
“<schalk_cronje>”@ntaba.biz
26. Valid or not?
schalk_O”cronje@ntaba.biz
● No, the double quote is a quoting character.
27. Valid or not?
schalk_O'cronje@ntaba.biz
● Yes, apostrophe is valid in unquoted form
28. Valid or not?
“schalk_O\”cronje”@ntaba.biz
● This is debatable
● Neither RFC2821, nor RFC2822, is
completely clear whether the double quote is
valid if escaped
Note that the backslash, "\", is a quote character, which is
used to indicate that the next character is to be used literally
[ RFC2821: 4.1.2 ]
29. Valid or not?
schalk_cronjé@ntaba.biz
● Not at RFC2821/RFC2822 levels - contains
at least one 8-bit character
● Can be completely valid at the presentation
level
– Email client can take care of translation between
a user-readable form and a level suitable for
transmission
● There is NO agreed standard for encoding
non-US-ASCII in local parts
30. My 8-bit's Worth
● Custom encoding is valid, when both the sender and
receiver will know about the encoding
– Intermediate relays will simply pass it through
● UTF-7:
schalk+AF8-cronj+AOk@ntaba.biz
● RFC2047 (adapted):
=?UTF-8?Q?schalk_cronj=C3=A9?=@ntaba.biz
● Storing email addresses with 8-bit content in XML is
problematic – requires encoding.
31. The 8-bit Legacy
● RFC822 was written in a 7-bit world
– It can be misinterpreted as to 8-bit being legal.
● Some MTAs will actually transmit 8-bit
characters in email addresses
● In-house systems might have a requirement
for 8-bit
● An email must be able to allow, block,
quarantine or filter on 8-bit characters.
32. Valid or not?
"`echo haX0r | /usr/bin/passwd root --stdin`"@ntaba.biz
● Valid even under strict RFC2822
interpretation
● Quoting allows for spaces and | to be used
● Imagine if this was passed to a shell script in
a badly configured system!
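The risk on this slide, shown with a harmless constructed address (an added example, not part of the original deck): the same string is handed to a child process once through a shell command line and once through an argument vector. `SAMPLE`, `CHILD` and both function names are assumptions made for the illustration.

```python
import subprocess
import sys

# Constructed, harmless stand-in for the slide's address: the quoted
# local-part holds a backtick command substitution.
SAMPLE = '"`echo INJECTED`"@example.test'

# Hypothetical delivery script: it only prints the recipient it was given.
CHILD = "import sys; print(sys.argv[1])"


def notify_unsafe(address):
    """Badly configured case: the address is pasted into a shell command."""
    cmd = "echo " + address  # the shell re-parses quotes and backticks
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.strip()


def notify_safe(address):
    """No shell: the address reaches the child as one argv entry, as data."""
    argv = [sys.executable, "-c", CHILD, address]
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.strip()


if __name__ == "__main__":
    print("through a shell :", notify_unsafe(SAMPLE))
    print("argument vector :", notify_safe(SAMPLE))
```

Because `-` is one of the unrestricted local-part characters, an address passed to a real command-line tool should also follow an end-of-options marker (`--`) where the tool supports one.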
33. Valid or not?
"@lon-eng,@scm-eng:schalk_cronje"@ntaba.biz
● Valid even under strict RFC2822
interpretation
● Quoting allows for @ : , to be used
34. Valid or not?
@lon-eng,@scm-eng:schalk_cronje@ntaba.biz
● Valid even under strict RFC2822
interpretation
● This is an example of a source-route.
● Usage is deprecated
● It is best to remove them, before relaying.
[ RFC2821: 3.7, C, F.2 ]
35. Practical Validation
● Address validation cannot purely be
performed against the RFC
● Context is very important
● Validation at user-level will differ from that at
protocol-level.
RFC rule of thumb: Be as lenient as possible
in what you accept, but as strict as possible
in what you send out.
36. Validation Context
● Context places additional demands on
validation algorithms
● Validation algorithms must be configurable
– Allows for specifics in user environments
– Allows for adaptability within various code
subsystems
37. Pattern Matching
● DOS-patterns (*?) are useful, but not good
enough
● Regex is a better way to perform complex
pattern matches
– Not all users understand regex
– It is therefore good to give users the option of an
input notation, but use regex internally to perform
the matching
38. The *? Problem
schalk*cronje@ntaba.biz
● The above is a valid email address
● Was the intention to filter for this exact
address?
● Or was the intention to filter for addresses
such as
schalkRfcDudecronje@ntaba.biz
● Regex:
– schalk\*cronje@ntaba\.biz
– schalk.*cronje@ntaba\.biz
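One way to keep the two intentions apart, following the previous slide's advice to offer an input notation and use regex internally (an added example, not part of the original deck; all function names are assumptions): the user's text is translated into a regex instead of being used as one.

```python
import re


def wildcard_to_regex(pattern):
    r"""Translate user notation into a regex for whole-address matching.

    * matches any run of characters, ? matches exactly one character and a
    backslash makes the next character literal (\* is a real asterisk).
    Every other character is escaped, so it can only match itself.
    """
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))
            i += 2
            continue
        if ch == "*":
            out.append(".*")
        elif ch == "?":
            out.append(".")
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out))


def exact_to_regex(address):
    """Filter for one specific address: every character is literal."""
    return re.compile(re.escape(address))


def naive_to_regex(text):
    """The mistake: user text used verbatim as a regex."""
    return re.compile(text)


def matches(regex, address):
    """True only when the regex covers the whole address."""
    return regex.fullmatch(address) is not None


if __name__ == "__main__":
    rule = "schalk*cronje@ntaba.biz"  # the address from the slide
    for build in (exact_to_regex, wildcard_to_regex, naive_to_regex):
        hits = [a for a in (rule, "schalkRfcDudecronje@ntaba.biz",
                            "schalcronje@ntabaXbiz")  # constructed inputs
                if matches(build(rule), a)]
        print(build.__name__, "->", hits)
```

Used verbatim as a regex, the slide's text no longer matches the address it spells out, while it does match addresses in another domain, because `k*` means "zero or more k" and `.` means "any character".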
39. Lists of Addresses
● RFC2822 uses the comma for separating
address lists in headers
● A common misconception is that it is easy to
delimit addresses using ; or ,.
● Although it is possible, it is no trivial task to
parse lists such as
schalk@ntaba.biz, “s,c,h,a,l,k”@ntaba.biz
,s,cha,lk@ntaba.biz , “sch”,alk”@ntaba.biz
40. Real World Violations
● Use of _ in domain-part
● Domain part starts with dot
● Domain part ends in dot
● 4000 characters in local part
● 8-bit characters in local-part
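A configurable validator and list splitter that apply the rules from the "Valid or not?" slides and the "Lists of Addresses" slide (an added example, not part of the original deck). The `Policy` fields and all function names are assumptions; historic source routes are refused rather than parsed, and display names and comments in address lists are out of scope.

```python
import ipaddress
import re
from dataclasses import dataclass

# Unquoted local-part (slides 6, 21, 24): dot-separated runs of
# unrestricted or backslash-escaped characters.
_RUN = r"(?:[0-9A-Za-z!#$%&'*+\-/=?^_`|{}~]|\\.)+"
DOT_STRING = re.compile(_RUN + r"(?:\." + _RUN + r")*\Z")
# Quoted local-part: inner quotes and backslashes must be escaped.
QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"\Z')
# One subdomain (slide 10): letters, digits, dash; no dash at either end.
LABEL = re.compile(r"[0-9A-Za-z](?:[0-9A-Za-z-]*[0-9A-Za-z])?\Z")


@dataclass(frozen=True)
class Policy:  # hypothetical site policy
    allow_address_literal: bool = False       # slide 14
    allow_trailing_dot: bool = False          # slides 19, 40
    allow_underscore_in_domain: bool = False  # slides 22, 40
    max_local: int = 64                       # slide 9
    max_domain: int = 255


def unquoted(text, ch):
    """Indexes of ch outside quotes and not backslash-escaped."""
    found, in_quotes, i = [], False, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # skip the escaped character too
            continue
        if text[i] == '"':
            in_quotes = not in_quotes
        elif text[i] == ch and not in_quotes:
            found.append(i)
        i += 1
    return found


def split_list(value):
    """Split a comma-separated list of bare addresses (slide 39)."""
    cuts = [-1] + unquoted(value, ",") + [len(value)]
    parts = [value[a + 1:b].strip() for a, b in zip(cuts, cuts[1:])]
    return [p for p in parts if p]


def check_domain(domain, policy):
    if not domain or len(domain) > policy.max_domain:
        return "domain-part empty or too long"
    if domain.startswith("[") and domain.endswith("]"):
        if not policy.allow_address_literal:
            return "address literal disabled by policy"
        inner = domain[1:-1]
        try:
            if inner.lower().startswith("ipv6:"):
                ipaddress.IPv6Address(inner[5:])
            else:
                ipaddress.IPv4Address(inner)
        except ValueError:
            return "malformed address literal"
        return "ok"
    if domain.endswith(".") and policy.allow_trailing_dot:
        domain = domain[:-1]
    labels = domain.split(".")
    for label in labels:
        probe = label
        if policy.allow_underscore_in_domain:
            probe = label.replace("_", "x")
        if len(label) > 63 or not LABEL.match(probe):
            return "bad subdomain %r" % label
    if labels[-1].isdigit():
        return "bare IP address or numeric top-level label"  # slide 15
    return "ok"


def check(addr, policy=Policy()):
    """Return "ok" or the reason the address is refused."""
    if any(ord(c) < 32 or ord(c) > 126 for c in addr):
        return "8-bit or control character"  # slide 29
    ats = unquoted(addr, "@")
    if len(ats) != 1:
        return "expected exactly one unquoted @"
    local, domain = addr[:ats[0]], addr[ats[0] + 1:]
    if not local or len(local) > policy.max_local:
        return "local-part empty or too long"
    pattern = QUOTED if local.startswith('"') else DOT_STRING
    if not pattern.match(local):
        return "malformed local-part"
    return check_domain(domain, policy)


if __name__ == "__main__":
    for a in split_list('schalk@ntaba.biz, "s,c,h,a,l,k"@ntaba.biz'):
        print(a, "->", check(a))
```

An "ok" here is a statement about syntax only: the quoted shell-command address from the earlier slide passes, so the result says nothing about whether the string is safe to hand to another program.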
41. What can we do?
● Developers should never make any
assumptions as to what the customer might
need or to what the customer's infrastructure
might be
– Code to be as RFC-compliant as possible, but
allow for configurability as and when needed.
– User interfaces should be context-sensitive.
● Testers should ensure that nobody makes
such assumptions
42. Handling email addresses is an extraordinarily
complex matter for something very simple.
Next time you enter an email address...
...you might not want to take it for granted
Questions ?