Hi,

Appendix A of draft-ietf-uta-email-deep-05 has the following wording:

   Although STARTTLS appears only slightly more complex than separate-
   port TLS, we again learned the lesson that complexity is the enemy of
   security in the form of the STARTTLS command injection vulnerability
   (CERT vulnerability ID #555316).

I suggest writing "Section 2.2 of [RFC7457]" instead of "CERT vulnerability ID #555316". Indeed, RFC 7457 properly references CVE-2011-0411 and what CVE is, so it is best to just point to it.

--
Julien ÉLIE

"Eternity is a long time, especially towards the end." (Woody Allen)
