On 5/6/25 12:48, tirumal reddy wrote:
On Mon, 5 May 2025 at 21:56, Paul Wouters <paul@xxxxxxxxx <mailto:paul@xxxxxxxxx>> wrote:
First of all, the contact details are completely untrusted (eg when
obtaining a DNS via DHCP) or superfluous (eg when the user configured
[...]
Note that an attacker being able to give you an email address to use
is very dangerous - it will facilitate endusers to receive malicious
email responses from an attacker.
[...]
I believe this document is actually harmful to endusers, with no
meaningful gains for IT teams. If I was a browser vendor, I would
only allow displaying i18n text for EDE enums.
please elaborate how it is harmful to end-users.
There are multiple examples of that in Paul's previous message [1], one of which you quoted above.
The other non-quoted examples can be found in that message [1] by Ctrl+F "Use a globally trusted ID", "desensitized", "incidents number can be customized for tracking", etc.
I'm pointing to these because they have not been answered, so perhaps were overlooked.
[1]: https://mailarchive.ietf.org/arch/msg/dnsop/nSQrWxfeoEvD6_Fd8U7HpXvbbH4/
Best,
Peter
(hats off)
--
https://desec.io/
--
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
