Brian E Carpenter
brian.e.carpenter at gmail.com
Sat Jul 2 00:00:34 PDT 2016
On 02/07/2016 07:44, Paul Hoffman wrote:
> On 1 Jul 2016, at 12:37, Russ Housley wrote:
>>>> The security considerations say:
>>>> Since RFCs are sometimes exchanged outside the normal Web sandboxing
>>>> mechanism (such as using the "rsync" program to a mirror site) then
>>>> loaded from a local file, more care must be taken with the HTML than
>>>> is ordinary on the web.
>>>> Is that care already factored into the specification? If so, please say that. If not, what additional care is needed?
>>> It is not factored in. It is impossible to say what additional care would be needed because we cannot anticipate what errors
>>> in browsers would cause problems with random HTML.
>> What care are you expecting people to take to compensate for the lack of “normal web sandboxing”? I cannot figure out what
>> you are expecting here.
> They could "look for strange behavior".
> Alternately, we could remove this security consideration because we don't have any specific advice, but it seems that the
> current preference is to list all known security considerations even if they can't be dealt with in a specific fashion.

I hope that we are not putting CYA phrases into Security Considerations; that is
about as much use as "Security considerations are not discussed in this memo."

Also I am a bit vague as to what "normal Web sandboxing" means. Some people just
click on links, I believe.

It might be more meaningful to say something like:

Since RFCs are sometimes exchanged by various file transfer mechanisms
(such as using the "rsync" program to a mirror site) that are not subjected
to specific checks for malicious HTML content, users should ensure that
these checks are carried out prior to opening such transferred files.

(If that isn't the intended meaning, please clarify.)