Issues in Identifier Comparison for Security Purposes
draft-iab-identifier-comparison-00

The information below is for an old version of the document
Document Type Expired Internet-Draft (individual)
Last updated 2011-07-02
Stream IAB
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Additional URLs
Stream IAB state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-iab-identifier-comparison-00.txt

Abstract

Identifiers such as hostnames, URIs/IRIs, and email addresses are often used in security contexts to identify security principals and resources. In such contexts, an identifier supplied via some protocol is often compared against some policy to make security decisions such as whether the principal may access the resource, what level of authentication or encryption is required, etc. If the parties involved in a security decision use different algorithms to compare identifiers, then failure scenarios ranging from denial of service to elevation of privilege can result.

Authors

Dave Thaler (dthaler@microsoft.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)