RFC 6943
Issues in Identifier Comparison for Security Purposes, May 2013
- File formats:
- Status:
- INFORMATIONAL
- Author:
- D. Thaler, Ed.
- Stream:
- IAB
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC6943
Discuss this RFC: Send questions or comments to the mailing list iab@iab.org
Other actions: Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 6943
Abstract
Identifiers such as hostnames, URIs, IP addresses, and email addresses are often used in security contexts to identify security principals and resources. In such contexts, an identifier presented via some protocol is often compared using some policy to make security decisions such as whether the security principal may access the resource, what level of authentication or encryption is required, etc. If the parties involved in a security decision use different algorithms to compare identifiers, then failure scenarios ranging from denial of service to elevation of privilege can result. This document provides a discussion of these issues that designers should consider when defining identifiers and protocols, and when constructing architectures that use multiple protocols.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.