On Mon, 6 Jul 2015 11:32:26 -0700 Derick Winkworth <ccie15...@gmail.com> wrote:
> https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00 > > Note section 6. Related to Postel's Law: Antoine Delignat-Lavaud had a talk on last year's black hat where he also statet that "Liberal in what you accept" is the wrong approach and he has very practical examples how this can lead to security vulns ("Cookie Clutter"). He recommends that malformed inputs should be rejected in general: https://www.youtube.com/watch?v=s1EGLWXsf2g When I watched that talk I wasn't aware that this was already a statet goal of langsec. -- Hanno Böck http://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: BBB51E42
pgpcwSv6ZLPoX.pgp
Description: OpenPGP digital signature
_______________________________________________ langsec-discuss mailing list langsec-discuss@mail.langsec.org https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
