Issues in Identifier Comparison for Security Purposes
draft-iab-identifier-comparison-00
| The information below is for an old version of the document | |||
|---|---|---|---|
| Document | Type | Expired Internet-Draft (individual) | |
| Author | Dave Thaler | ||
| Last updated | 2011-07-02 | ||
| Stream | Internet Architecture Board (IAB) | ||
| Formats |
Expired & archived
pdf
htmlized (tools)
htmlized
bibtex
|
||
| Additional Resources |
|
||
| Stream | IAB state | (None) | |
| Consensus Boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
https://www.ietf.org/archive/id/draft-iab-identifier-comparison-00.txt
Abstract
Identifiers such as hostnames, URIs/IRIs, and email addresses are often used in security contexts to identify security principals and resources. In such contexts, an identifier supplied via some protocol is often compared against some policy to make security decisions such as whether the principal may access the resource, what level of authentication or encryption is required, etc. If the parties involved in a security decision use different algorithms to compare identifiers, then failure scenarios ranging from denial of service to elevation of privilege can result.
Authors
Dave Thaler (dthaler@microsoft.com)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)