inc-ops-notifications - [InCommon NOTICE] Incident report: Introduction of ` ` escaped character into metadata
Subject: InCommon Operations Notifications
List archive
[InCommon NOTICE] Incident report: Introduction of ` ` escaped character into metadata
Chronological Thread
- From: "Nic Roy" <>
- To: "Nic Roy" <>
- Subject: [InCommon NOTICE] Incident report: Introduction of ` ` escaped character into metadata
- Date: Tue, 20 Oct 2020 13:49:23 -0600
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=internet2.edu; dmarc=pass action=none header.from=internet2.edu; dkim=pass header.d=internet2.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aog5UBKXnMTwViBXYZA0edzlW0iDBYsaBZwqH8PsiN0=; b=IKbBe8QF8UBZGVfxSqWqVx0t9BZ1/pvqrRRXE6l0HrcrpmMLA/C6mTYGaPAgRT48tZkzyUnRuJ89zaCPC+Y1sAQ7BXmytG+9vJfKPb2KBR3miimoUC/lP+E3MkVZW9b11p6zOADNMm/6IY1F5C6BNr8QxL+zrKmzC+sopl5GUmRgSZZpkN3TIwl564VvKyFoQsSTYhMG0eTG730JCU+fpHs1HOpzLVbH6PCkvbOAALxgv9/NUA1ILzvaBhVTzSdqspkrY+MB/dqksoYKuLV9+QbRTM+oCig4FfTmGK9A5EukCJBubl5fMcqN0ruY8CrrITfT1bHApc56Mx5c0dMabg==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jJtC/Ude7pHr27UXKmhmCKyXsTNZ4c3FYOROjeyyae0TAn0wc5cs1O3x1HoBfujHzacrq9PspH3RGbuzHZON+LsMUfywIS66/+qSznvJf/wJpILD3Fg4dQDQeL0jgsskftCgsRz8U1z5MKD7w6dvv1FmxeLpndmCQyCRIAjU29H2IUw1lSsemwQJz/MWZpBBG5QQ0Jk4hg88NgF7F3QWJ5L1btNwYArE7Rg/9UPgYQEiE6v/7hbtt+r7amiF1KrU3T8sNtlksfBE9Q9TPddainfkrtDbvMZcv42qGppD7qqsNAHOO1KV12+/3u22kzM53n+WgtMd/KidItRt+YvV0Q==
Hello,
As part of InCommon’s commitment to transparency, we publish reports on security and non-security incidents which affect the operation of the InCommon federation. On October 6th, InCommon operations performed a bulk change to federation metadata which introduced the mailto: scheme in the vast majority of contacts published in metadata. An unintended consequence of this change was that a number of carriage return characters which had existed in certain fields in metadata for quite some time, were transcoded into escaped sequences that appeared in metadata as . This caused some types of federating software to fail to verify the signature on InCommon and some other federations’ metadata correctly. We worked to fix the issue as soon as we found out about it, and have provided a report on it on our Incident Handling wiki page: https://spaces.at.internet2.edu/x/DAkOCg.
If you have any questions or concerns, please feel free to send a note to .
Best Regards,
Nic Roy
Director of Technology and Strategy
InCommon / Internet2 Trust and Identity Services
Attachment:
signature.asc
Description: OpenPGP digital signature
- [InCommon NOTICE] Incident report: Introduction of ` ` escaped character into metadata, Nic Roy, 10/20/2020
Archive powered by MHonArc 2.6.19.