Hi John, The point, again, is that by introducing a way for an attacker to cause a > target system to display arbitrary strings, it would seem reasonable to > wonder if that creates an opportunity for mischief that doesn’t ordinarily > exist in our protocols, involving misleading people looking at the > displayed string in a user interface. >
Hmmm while I am not clear what "our protocols" mean in this context I do see a number of cases where protocols have the ability to carry free form text. For example, how about RFC8203 ? There are few other works in progress to also add such ability. So above all I am trying to sense if your above comment is a specific to draft-ietf-spring-segment-routing-policy (which is by design *strongly* limited to the same administration so it would be pretty weird to be concerned about it) or is it more general in nature ? Thx, Robert
_______________________________________________ spring mailing list spring@ietf.org https://www.ietf.org/mailman/listinfo/spring
