On Thu, Mar 7, 2013 at 3:25 PM, Danny McPherson <da...@tcb.net> wrote: > On 2013-03-07 13:18, Christopher Morrow wrote: > >> >> please click on this link to accept my TOS: >> <https://badplace.com/malwareCPS.cps.doc.exe.pdf.gif> > > > That could be included anywhere - and if it's in a resource certificate then > you've got far bigger problems than a "malware attack", methinks.
agreed, there's also dns pinning and a host of other ways. > Heck, this might well serve as an early indicator of compromise, if we > really believe this is a legitimate issue. > > It also applies to ANY publication mechanism in any protocol, so I think > it's rather a bit of a reach. Of course, I look forward to text from > "malware attacks" in all IETF documents going forward, and this one > specifically.. :-) yea, it'll be fun! :) -chris > -danny > _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr