Issues in Identifier Comparison for Security Purposes, May 2013
- File formats:
- D. Thaler, Ed.
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
Identifiers such as hostnames, URIs, IP addresses, and email addresses are often used in security contexts to identify security principals and resources. In such contexts, an identifier presented via some protocol is often compared using some policy to make security decisions such as whether the security principal may access the resource, what level of authentication or encryption is required, etc. If the parties involved in a security decision use different algorithms to compare identifiers, then failure scenarios ranging from denial of service to elevation of privilege can result. This document provides a discussion of these issues that designers should consider when defining identifiers and protocols, and when constructing architectures that use multiple protocols.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 4844.