On May 10, 2021, at 05:42, Pieter Lexis <pieter.le...@powerdns.com> wrote:

>> On 5/9/21 2:01 PM, Dick Franks wrote:
>> Pre-processing of '\\,' into the RFC1035 standard '\,' is
>> superficially attractive, but also fraught with danger.
>> 
>> A parser could have some fun with this one:
>> 
>>    $ORIGIN example.com
>>    @   SVCB   1 foo key6="\032\001\013\184\000\000\000\000\000\000\000\000\\\\,\000"
>>    ; a.k.a.   ipv6hint=2001:db8::5c5c:2c00
> 
> A zone owner/editor would never even think of typing in IP addresses
> like that.

Right, but an attacker who wants to take advantage of the impact of that 
observation in the construction of some parser might, which is why it's a 
security concern. 


Joe
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
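
The record quoted in this thread, worked through as an added example (not code from the thread or from any DNS implementation): an RFC 1035 character-string decoder applied to the key6 value, and the same value after a context-free rewrite of `\\,` into `\,`. The function names and the `naive_preprocess` helper are assumptions made for illustration.

```python
import ipaddress

# Value text from the zone-file line quoted in the thread (between the quotes).
KEY6_VALUE = r"\032\001\013\184\000\000\000\000\000\000\000\000\\\\,\000"

def decode_char_string(text: str) -> bytes:
    """Decode RFC 1035 section 5.1 escapes: \\DDD is one octet, \\X is literal X."""
    out = bytearray()
    i = 0
    while i < len(text):
        if text[i] != "\\":
            out.append(ord(text[i]))
            i += 1
            continue
        nxt = text[i + 1:i + 2]
        if not nxt:
            raise ValueError("dangling backslash")
        if nxt.isascii() and nxt.isdigit():
            ddd = text[i + 1:i + 4]
            if len(ddd) != 3 or not (ddd.isascii() and ddd.isdigit()) or int(ddd) > 255:
                raise ValueError(f"bad \\DDD escape at offset {i}")
            out.append(int(ddd))
            i += 4
        else:
            out.append(ord(nxt))
            i += 2
    return bytes(out)

def naive_preprocess(text: str) -> str:
    """Hypothetical context-free rewrite of '\\\\,' to '\\,' (assumed, not from the thread)."""
    return text.replace("\\\\,", "\\,")

def ipv6hint_from_key6(text: str) -> list:
    """Interpret the decoded key6 wire value as a list of 16-octet IPv6 addresses."""
    wire = decode_char_string(text)
    if not wire or len(wire) % 16:
        raise ValueError(f"ipv6hint length {len(wire)} is not a multiple of 16")
    return [str(ipaddress.IPv6Address(wire[i:i + 16])) for i in range(0, len(wire), 16)]

if __name__ == "__main__":
    print(ipv6hint_from_key6(KEY6_VALUE))
    try:
        ipv6hint_from_key6(naive_preprocess(KEY6_VALUE))
    except ValueError as exc:
        print("after naive pre-processing:", exc)
```

The rewrite matches the last two of the four backslashes plus the comma, so one octet of the address is lost and the value no longer has a valid length.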
