Hi,
thanks.
All fine, except…
Sandy Ginoza writes:
We updated the XML to use <ul> and <li> to create bullets.
Even with a bulleted list, this last part isn’t quite clear to
me - what is a matter of a second or two? Also, I may be
misreading this, as I read this as an attacker would do some
minimal thing to attempt to make something bad happen. Perhaps
f> “could only” is meant instead of “would only”.
You're so right. As usual, simplifying the text also improves it.
--- OLD ---
However, in this case, the following occurs: </t>
<ul>
<li>
information is revealed to an authenticated client,</li>
<li>the revealed URL can usually be found via JMAP autodiscovery, and </li>
<li>an
attacker would only need to try the credentials it has with an
autodiscovered JMAP URL (a matter
of a second or two). </li></ul>
--- NEW ---
However, if the client is an attacker, then the attacker is known to
have valid credentials, and RFC 8620 section 2.2 tells the attacker
how to find the revealed URL without the help of this extension. </t>
--- END ---
Arnt
--
auth48archive mailing list -- auth48archive@rfc-editor.org
To unsubscribe send an email to auth48archive-le...@rfc-editor.org
