Subj : Netmail in the insecure inbound
To   : Alan Ianson
From : Kai Richter
Date : Tue May 04 2021 13:18:50

Hello Alan!

03 May 21, Alan Ianson wrote to Oli:

 AI>>> The questions is "is it desirable to decompress those packets"
 AI>>> in the insecure inbound.

 Ol>> Can it be automatically unpacked without any security issues
 Ol>> (there can be any file in the archive).

 AI> Yes, it can be. My tosser does that (compress/decompress) all day
 AI> long. Every tosser I have used does that, that is not an issue.

The question is not if a tosser can compress/decompress.

We are talking about insecure inbound handling. Compression rate for ftn format is approx. 80%. In case of security issues the power of the attack increases by factor 5 due to compression.

 AI> hpt checks the mail and finds it has come from an unknown node and
 AI> leaves it in the inbound so I need to decompress it from the command
 AI> line and hpt will then toss it.

This is because it is insecure inbound and it's the task of the node to do the security check.

Regards

Kai

--- GoldED+/LNX 1.1.4.7
 * Origin:  Monobox  (2:240/77)

.