…efined for that character encoding scheme. . Security Considerations Refer to [ RFC3552 ] for a discussion of terminology used in this section. Examples in this section and discussions of interactions of host environments with scripts and extensions to [ ECMA ] are to be understo…
… face of an attacker who has complete control of the network, as described in [ RFC3552 ]. See Appendix E for a more complete statement of the relevant security properties. TLS consists of two primary components: - A handshake protocol ( Section 4 ) that authenticates the communi…
… DNS. In short, an active attacker corresponds to the conventional threat model RFC3552 for TLS 1.3 RFC8446 Passive and active attackers can exist anywhere in the network, including between the client and client-facing server, as well as between the client-facing and backend serv…
…efined. General guidelines for writing security considerations are defined in [ RFC3552 ] ( BCP 72 ). Specifications using CDDL to define CBOR structures in protocols need to follow those guidelines. Additional topics that could be considered in a security considerations section …
… the scheme) or stop processing altogether. 5. Security Considerations Refer to RFC3552 for a discussion of terminology used in this section. Examples in this section and discussions of interactions of host environments with scripts, modules, and extensions to ECMA-262 are to be …
…e Section 3.1 ). We use terms for communication security as defined in RFC 3552 RFC3552 (e.g. CONFIDENTIALITY or PEER ENTITY AUTHENTICATION). 4.1. Threat Model We consider a setting with following entities: Publisher Wants to publish some content. Audience A group of entities tha…
…e face of an attacker who has complete control of the network, as described in [RFC3552]. See Appendix E for a more complete statement of the relevant security properties. TLS consists of two primary components: - A handshake protocol (Section 4) that authenticates the communicat…
…rovide mechanisms to protect Internet communications and there are guidelines [ RFC3552 ] for applying these in protocol design. But those standards generally do not address PM, the confidentiality of protocol metadata, countering traffic analysis, or data minimisation. In all ca…
…efined. General guidelines for writing security considerations are defined in [ RFC3552 ] ( BCP 72 ). Specifications using CDDL to define CBOR structures in protocols need to follow those guidelines. Additional topics that could be considered in a security considerations section …
…access to a server grants the ability to affect how well-known URIs are served. RFC3552 ] contains some examples of potential security considerations that may be relevant to application protocols and administrators deploying them. 4.1 . Protecting Well-Known Resources Because wel…
… face of an attacker who has complete control of the network, as described in [ RFC3552 ]. See Appendix E for a more complete statement of the relevant security properties. TLS consists of two primary components: - A handshake protocol ( Section 4 ) that authenticates the communi…
…od specifications MUST follow all guidelines and normative language provided in RFC3552: Writing Security Considerations Sections for the DID operations defined in the DID method specification. The Security Considerations section MUST document the following forms of attack for th…
…ny possible countermeasures, is left to each application protocol (see BCP 72 [ RFC3552 ] for best current practice guidance on security threats and defenses). The language tag associated with a particular information item is of no consequence whatsoever in determining whether th…
…hy from the perspective of the JSEP implementation. Thus, the threat model of [ RFC3552 ] applies. In particular, JavaScript can call the API in any order and with any inputs, including malicious ones. This is particularly relevant when we consider the SDP which is passed to setL…
…ny possible countermeasures, is left to each application protocol (see BCP 72 [ RFC3552 ] for best current practice guidance on security threats and defenses). The language tag associated with a particular information item is of no consequence whatsoever in determining whether th…