[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

evaluation: draft-klensin-name-filters

To: iesg-secretary@ietf.org
Subject: evaluation: draft-klensin-name-filters
From: Steve Bellovin <smb@research.att.com>
Date: Thu, 18 Sep 2003 10:23:18 -0400
Cc: iesg@ietf.org

At the start of Section 5, there appears to be some missing 
bibliographic citations -- just "( - )" is written.

Other security considerations that should be mentioned:

	Some characters have special or privileged meanings on some
	systems (i.e., ` on Unix).  Applications should be careful to
	escape those locally if necessary.  By the same token, they
	are legal, and should not be disallowed locally for such reasons
	if a remote site chooses to use them.

	The presence of local checking does not excuse any lack of
	checking remotely.  Note that this can apply to a single 
	machine; in particular, a local MTA should not assume that
	a local MUA has properly escaped locally-significant special
	characters.


		--Steve Bellovin, http://www.research.att.com/~smb

Follow-Ups:
- Re: evaluation: draft-klensin-name-filters
  - From: Harald Tveit Alvestrand <harald@alvestrand.no>

Prev by Date: Re: FW: Discuss on draft-ietf-iptel-trip-mib-08.txt
Next by Date: For Your Review: draft-hayashi-igap-03.txt
Previous by thread: Question on: draft-ietf-pkix-logotypes-11.txt
Next by thread: Re: evaluation: draft-klensin-name-filters
Index(es):
- Date
- Thread