On Wed, Jul 19, 2017, at 23:44, Sam Whited wrote: > On Wed, Jul 19, 2017 at 8:40 PM, Peter Saint-Andre <[email protected]> > wrote: > > What do implementers think is a "reasonable number of iterations"? My > > sense is that we're talking about at most 4 or 5, and usually 2 or 3.
Apologies for the long delay, I know this thread is rather old now, but I was just reminded of this blog post [1] from Spotify that shows that the non-idempotency of the nickname profile is already a security issue in the wild and that documenting the fact that it may have security implications only goes so far. —Sam [1]: https://labs.spotify.com/2013/06/18/creative-usernames/ _______________________________________________ precis mailing list [email protected] https://www.ietf.org/mailman/listinfo/precis
