%% You should probably cite rfc6943 instead of this I-D. @techreport{iab-identifier-comparison-08, number = {draft-iab-identifier-comparison-08}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-iab-identifier-comparison/08/}, author = {Dave Thaler}, title = {{Issues in Identifier Comparison for Security Purposes}}, pagetotal = 25, year = 2013, month = feb, day = 24, abstract = {Identifiers such as hostnames, URIs, IP addresses, and email addresses are often used in security contexts to identify security principals and resources. In such contexts, an identifier supplied via some protocol is often compared using some policy to make security decisions such as whether the security principal may access the resource, what level of authentication or encryption is required, etc. If the parties involved in a security decision use different algorithms to compare identifiers, then failure scenarios ranging from denial of service to elevation of privilege can result. This document provides a discussion of these issues that designers should consider when defining identifiers and protocols, and when constructing architectures that use multiple protocols.}, }