Citing 'defense-in-depth' doctrine, I vote for implementing 'content-cleansing' in both server (egress cleansing, at least) and stub/libraries (ingress cleansing, at least).
If that's not too much trouble. > ---------- Forwarded message ---------- > From: Benno Overeinder <[email protected]> > To: [email protected] > Cc: > Bcc: > Date: Wed, 25 Aug 2021 12:02:24 +0200 > Subject: Re: https://xdi-attack.net/test.html > > However, the discussion on the mailing list also makes it clear that > there are different ideas about *where* the bad content filtering should > take place, in the infrastructure (ie. the name servers) or at the > endpoint (stub resolvers and libraries). We'd love to hear more > community consensus to make this architectural decision. > -- Pirawat.
