RFC 6943

Issues in Identifier Comparison for Security Purposes, May 2013

File formats:
icon for text file icon for PDF icon for HTML
Status:
INFORMATIONAL
Author:
D. Thaler, Ed.
Stream:
IAB

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC6943

Discuss this RFC: Send questions or comments to the mailing list iab@iab.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 6943


Abstract

Identifiers such as hostnames, URIs, IP addresses, and email addresses are often used in security contexts to identify security principals and resources. In such contexts, an identifier presented via some protocol is often compared using some policy to make security decisions such as whether the security principal may access the resource, what level of authentication or encryption is required, etc. If the parties involved in a security decision use different algorithms to compare identifiers, then failure scenarios ranging from denial of service to elevation of privilege can result. This document provides a discussion of these issues that designers should consider when defining identifiers and protocols, and when constructing architectures that use multiple protocols.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.




Advanced Search