AD review issue #1: Use of ALTREP (was: Re: [Ietf-calsify] Re: AD review on 2445bis)

Aki Niemi aki.niemi at nokia.com
Mon Jun 16 02:56:14 PDT 2008


On Mon, 2008-06-16 at 10:03 +0300, ext Aki Niemi wrote:
> > Section 3.2.1:
> > The ALTREP parameter can be used in a lot of places.  I bet it's not  
> > supported everywhere, and some usages of ALTREP could even be  
> > dangerous.  Some health warnings should be added here at least.

I think we have a couple of options here. Either limit exactly which of
the TEXT value type properties the parameter can occur on, or keep it
as it is currently defined.

In any case, some text should be added to the security considerations.
Specifically, what attack vector did you have in mind?

Cheers,
Aki


