RFC 6943 on Issues in Identifier Comparison for Security Purposes
rfc-editor@rfc-editor.org Thu, 09 May 2013 20:44 UTC
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC2E521F905C for <ietf-announce@ietfa.amsl.com>; Thu, 9 May 2013 13:44:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.19
X-Spam-Level:
X-Spam-Status: No, score=-102.19 tagged_above=-999 required=5 tests=[AWL=0.410, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5JbQCF9wzyFu for <ietf-announce@ietfa.amsl.com>; Thu, 9 May 2013 13:44:14 -0700 (PDT)
Received: from rfc-editor.org (unknown [IPv6:2001:1890:123a::1:2f]) by ietfa.amsl.com (Postfix) with ESMTP id 5FD8321F905B for <ietf-announce@ietf.org>; Thu, 9 May 2013 13:44:13 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 3627CB1E00B; Thu, 9 May 2013 13:44:02 -0700 (PDT)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
Subject: RFC 6943 on Issues in Identifier Comparison for Security Purposes
From: rfc-editor@rfc-editor.org
Message-Id: <20130509204402.3627CB1E00B@rfc-editor.org>
Date: Thu, 09 May 2013 13:44:02 -0700
Cc: rfc-editor@rfc-editor.org
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 May 2013 20:44:15 -0000
A new Request for Comments is now available in online RFC libraries. RFC 6943 Title: Issues in Identifier Comparison for Security Purposes Author: D. Thaler, Ed. Status: Informational Stream: IAB Date: May 2013 Mailbox: dthaler@microsoft.com Pages: 26 Characters: 62676 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-iab-identifier-comparison-09.txt URL: http://www.rfc-editor.org/rfc/rfc6943.txt Identifiers such as hostnames, URIs, IP addresses, and email addresses are often used in security contexts to identify security principals and resources. In such contexts, an identifier presented via some protocol is often compared using some policy to make security decisions such as whether the security principal may access the resource, what level of authentication or encryption is required, etc. If the parties involved in a security decision use different algorithms to compare identifiers, then failure scenarios ranging from denial of service to elevation of privilege can result. This document provides a discussion of these issues that designers should consider when defining identifiers and protocols, and when constructing architectures that use multiple protocols. This document is a product of the Internet Architecture Board. INFORMATIONAL: This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see http://www.ietf.org/mailman/listinfo/ietf-announce http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html. For downloading RFCs, see http://www.rfc-editor.org/rfc.html. Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. The RFC Editor Team Association Management Solutions, LLC