[rfc-i] draft-iab-html-rfc-03.txt

paul.hoffman at vpnc.org (Paul Hoffman) Fri, 01 July 2016 17:02 UTC

From: paul.hoffman at vpnc.org (Paul Hoffman)
Date: Fri, 01 Jul 2016 10:02:19 -0700
Subject: [rfc-i] draft-iab-html-rfc-03.txt
In-Reply-To: <AB0EAE56-95EF-451D-ADB9-9621352A1A45@vigilsec.com>
References: <20160630212722.29518.45020.idtracker@ietfa.amsl.com> <AB0EAE56-95EF-451D-ADB9-9621352A1A45@vigilsec.com>
Message-ID: <AC464B29-AF81-4630-BF9C-11523E8730AE@vpnc.org>

On 1 Jul 2016, at 8:06, Russ Housley wrote:

> The security considerations say:
>
>    Since RFCs are sometimes exchanged outside the normal Web sandboxing
>    mechanism (such as using the "rsync" program to a mirror site) then
>    loaded from a local file, more care must be taken with the HTML than
>    is ordinary on the web.
>
> Is that care already factored into the specification?  If so, please 
> say that.  If not, what additional care is needed?

It is not factored in. It is impossible to say what additional care 
would be needed because we cannot anticipate what errors in browsers 
would cause problems with random HTML.

--Paul Hoffman