Thanks, added as a list

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

> -----Original Message-----
> From: dmarc <dmarc-boun...@ietf.org> On Behalf Of Matthäus Wander
> Sent: Friday, March 22, 2024 7:15 PM
> To: dmarc@ietf.org
> Subject: [dmarc-ietf] Security Considerations in aggregate-reporting
>
> The Security Considerations section of aggregate-reporting-14 currently consists
> of a placeholder. Suggested text follows.
>
> 7. Security Considerations
>
> Aggregate reports are supposed to be processed automatically. An attacker might
> attempt to compromise the integrity or availability of the report processor by
> sending ill-formed reports. In particular, the archive decompressor and XML
> parser are at risk to resource exhaustion attacks (zip bomb or XML bomb).
>
> The data contained within aggregate reports may be forged. An attacker might
> attempt to interfere by submitting false reports in masses.
>
> See also the security considerations of [dmarc-bis] (Section 11).
>
> Regards,
> Matt

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
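
A report processor can bound both resource-exhaustion risks named in the suggested text before it uses any report data. The following is an added example, not part of the original messages or of the draft; it assumes gzip-compressed reports, a 1 MB decompressed-size cap, and hypothetical names (`bounded_gunzip`, `parse_rows`, `load_report`, `RejectedReport`, `MAX_XML_BYTES`).

```python
import gzip
import zlib
from xml.parsers import expat

MAX_XML_BYTES = 1_000_000  # assumed cap on decompressed report size
class RejectedReport(ValueError):
    """Report refused before any of its data is used."""

def bounded_gunzip(blob, limit=MAX_XML_BYTES):
    # Cap output at limit+1 bytes so a zip bomb is never fully expanded.
    d = zlib.decompressobj(wbits=31)  # 31 selects the gzip container
    try:
        out = d.decompress(blob, limit + 1)
    except zlib.error as exc:
        raise RejectedReport(f"bad gzip stream: {exc}") from exc
    if len(out) > limit or d.unconsumed_tail:
        raise RejectedReport("decompressed size exceeds limit")
    if not d.eof:
        raise RejectedReport("truncated gzip stream")
    return out

def parse_rows(xml_bytes):
    rows, row, text = [], {}, []
    def no_dtd(*_args):
        # Reports need no DTD; refusing it stops entity expansion early.
        raise RejectedReport("DOCTYPE not allowed")
    def end(name):
        if name in ("source_ip", "count"):
            row[name] = "".join(text).strip()
        elif name == "row":
            rows.append((row.get("source_ip"), int(row.get("count", "0"))))
            row.clear()
    p = expat.ParserCreate()
    p.StartDoctypeDeclHandler = no_dtd
    p.StartElementHandler = lambda name, attrs: text.clear()
    p.EndElementHandler = end
    p.CharacterDataHandler = text.append
    try:
        p.Parse(xml_bytes, True)
    except expat.ExpatError as exc:
        raise RejectedReport(f"ill-formed XML: {exc}") from exc
    return rows

def load_report(blob):
    return parse_rows(bounded_gunzip(blob))

# Constructed sample: one row, using a documentation address.
SAMPLE = gzip.compress(b"<feedback><record><row><source_ip>192.0.2.1"
                       b"</source_ip><count>2</count></row></record></feedback>")
```

These checks address availability only; the forged-data concern in the suggested text is not addressed by parsing defensively.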