Hi Peter,

This looks good overall.

Do you need the (e.g., example.com) parentheticals? They don't seem to add anything.

On Fri, Jun 24, 2022, at 07:03, Peter Saint-Andre wrote:
> 1. Deployments in which multiple services handle the same domain name
> (e.g., foo.example.org) via different protocols (e.g., HTTP and IMAP).
> In this case an attacker might be able to direct a connecting endpoint
> to the service offering a protocol that provides weaker security or that
> is more easily exploitable (see [ALPACA] for more detailed information
> about this class of attacks).

The attack in question isn't so much about weaker security (that's true, but a little abstract), so I might instead say:

> In this case an attacker might be able to direct a connecting endpoint
> to the service offering a different protocol and mount a cross-protocol
> attack. In a cross-protocol attack, the client and server believe they are
> using different protocols, which the attacker might exploit if messages
> sent in one protocol are interpreted as messages in the other protocol
> with undesirable effects (see [ALPACA] for more detailed information
> about this class of attacks).

(Sending to everyone this time...)

Cheers,
Martin
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta