Hi Arnt, We have updated the document as described below. Please review and let us know if any additional updates are needed or if you approve the RFC for publication.
The files are available here: https://www.rfc-editor.org/authors/rfc9698.xml https://www.rfc-editor.org/authors/rfc9698.txt https://www.rfc-editor.org/authors/rfc9698.pdf https://www.rfc-editor.org/authors/rfc9698.html Diffs highlighting the most recent updates: https://www.rfc-editor.org/authors/rfc9698-lastdiff.html https://www.rfc-editor.org/authors/rfc9698-lastrfcdiff.html AUTH48 diff: https://www.rfc-editor.org/authors/rfc9698-auth48diff.html Comprehensive diffs: https://www.rfc-editor.org/authors/rfc9698-diff.html https://www.rfc-editor.org/authors/rfc9698-rfcdiff.html Thank you, RFC Editor/sg > On Dec 5, 2024, at 4:23 AM, Arnt Gulbrandsen <a...@gulbrandsen.priv.no> wrote: > > Hi, > > thanks. > > All fine, except… > > Sandy Ginoza writes: >> We updated the XML to use <ul> and <li> to create bullets. Even with a >> bulleted list, this last part isn’t quite clear to me - what is a matter of >> a second or two? Also, I may be misreading this, as I read this as an >> attacker would do some minimal thing to attempt to make something bad >> happen. Perhaps > f> “could only” is meant instead of “would only”. > You're so right. As usual, simplifying the text also improves it. > > --- OLD --- > However, in this case, the following occurs: </t> > <ul> > <li> > information is revealed to an authenticated client,</li> > <li>the revealed URL can usually be found via JMAP autodiscovery, and </li> > <li>an > attacker would only need to try the credentials it has with an autodiscovered > JMAP URL (a matter > of a second or two). </li></ul> > --- NEW --- > However, if the client is an attacker, then the attacker is known to > have valid credentials, and RFC 8620 section 2.2 tells the attacker > how to find the revealed URL without the help of this extension. </t> > --- END --- > > Arnt > -- auth48archive mailing list -- auth48archive@rfc-editor.org To unsubscribe send an email to auth48archive-le...@rfc-editor.org
