Re: [OAUTH-WG] [secdir] Secdir last call review of draft-ietf-oauth-step-up-authn-challenge-12

2023-03-02 Thread Valery Smyslov
Hi Vittorio, Hi all, thanks for the discussion here! We'll add in the security considerations the following clarification: “As this specification provides a mechanism for the RS to trigger user interaction, it’s important for clients and AS to consider that a malicious RS might abuse of

Re: [OAUTH-WG] [secdir] Secdir last call review of draft-ietf-oauth-step-up-authn-challenge-12

2023-03-02 Thread Vittorio Bertocci
Hi all, thanks for the discussion here! We'll add in the security considerations the following clarification: “As this specification provides a mechanism for the RS to trigger user interaction, it’s important for clients and AS to consider that a malicious RS might abuse that feature”

Re: [OAUTH-WG] [secdir] Secdir last call review of draft-ietf-oauth-step-up-authn-challenge-12

2023-03-02 Thread Uri Blumenthal
> Surely "rogue" resource servers already have a lot of ways they can annoy
> their own users? Is this a realistic threat?

Yes, this is a realistic threat, and I'm aware of at least one example of it actually being used (successfully!) to penetrate a corporate network. On Mar 2, 2023, at