{"draft":"draft-iab-identifier-comparison-09","doc_id":"RFC6943","title":"Issues in Identifier Comparison for Security Purposes","authors":["D. Thaler, Ed."],"format":["ASCII","HTML"],"page_count":"26","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"IAB","abstract":"Identifiers such as hostnames, URIs, IP addresses, and email\r\naddresses are often used in security contexts to identify security\r\nprincipals and resources.  In such contexts, an identifier presented\r\nvia some protocol is often compared using some policy to make\r\nsecurity decisions such as whether the security principal may access\r\nthe resource, what level of authentication or encryption is required,\r\netc.  If the parties involved in a security decision use different\r\nalgorithms to compare identifiers, then failure scenarios ranging\r\nfrom denial of service to elevation of privilege can result.  This\r\ndocument provides a discussion of these issues that designers should\r\nconsider when defining identifiers and protocols, and when\r\nconstructing architectures that use multiple protocols.","pub_date":"May 2013","keywords":["Canonicalization","Normalization","Hostname","URI","IRI"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC6943","errata_url":null}