Dear DNSOP community,
I would like to introduce an informational draft by Forescout Research Labs. The
draft discusses common implementation flaws in DNS clients that lead to security
vulnerabilities. This draft stems from a set of vulnerabilities found during our
research
(https://www.forescout.c
On Mon, 3 May 2021 at 18:23, Ben Schwartz wrote:
>
> The purpose of this two-layer escaping is to allow key-independent tokenizing
> of SvcParam values. For example, I just wrote an implementation of the
> parser that works as follows:
>
> 1. Tokenize
> a. Scan forward looking for whitespace
On Tue, May 4, 2021 at 12:09 PM Dick Franks wrote:
> The brutal reality is that the char-string parser has already
> obliterated the distinction between escaped and unescaped commas
> before the value-list parser is invoked.
>
Yes, hence the use of "\\," for embedded commas in value-list values.
