The Security Considerations section of aggregate-reporting-14 currently
consists of a placeholder. Suggested text follows.
7. Security Considerations
Aggregate reports are supposed to be processed automatically. An
attacker might attempt to compromise the integrity or availability of
the report processor by sending ill-formed reports. In particular, the
archive decompressor and XML parser are at risk to resource exhaustion
attacks (zip bomb or XML bomb).
The data contained within aggregate reports may be forged. An attacker
might attempt to interfere by submitting false reports in masses.
See also the security considerations of [dmarc-bis] (Section 11).
Regards,
Matt
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
