>> >>- User account credentials incorrect >> - User account credentials change required > >[Joe] I am concerned that these error messages reveal too much >information to an attacker.
I agree there are risks if used inappropriately, but nonetheless there are reasonable uses for these (for example, switching it on temporarily when debugging) as these are very common error conditions. I suggest that these be optional to implement and use, and that we have security considerations text that highlights the issue. Happy to propose some text. Josh. Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238 _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu