On Fri, 3 Sep 2004, Yakov Shafranovich wrote:
I haven't seen this mentioned in the drafts, but I remember someone
Bellovin bringing this up in a different forum in regards to SPF a few
http://www.interesting-people.org/archives/interesting-people/200401/msg00037.html
Steve Bellovin is security area advisor at IETF and part of IESG. While
we're at it please look through his message and compare if we solved other
issues mentioned there too.
months ago. Among the two RR formats for Sender-ID, is the TXT format.
As Steve pointed out, parsing any kind of free form data can potentially
lead to security issues if the parsers are not written properly (such as
buffer overruns). Therefore, it might be useful to add a section or just
a few sentences to mention that issue.
I agree. This should be in protocol draft.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net