Hi,

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> - 7.1: did anyone compare this text to the "most dangerous
> code" paper? [1]
>
> [1] http://dl.acm.org/citation.cfm?id=2382204

It's been a long time since I've read the paper. I've just skimmed through it now (and shame on ACM for the paywall). I think our text is consistent with the findings from the paper, namely that "TLS implementations frequently do not validate host names", and this is left to developers. The paper has a long list of vulnerable implementations; our advice is to check with certain RFCs that describe how to do proper validation in a given context.

Ralph