[langsec-discuss] Harmful Consequences of Postel's Maxim

Hanno Böck hanno at hboeck.de
Mon Jul 6 18:40:28 UTC 2015


On Mon, 6 Jul 2015 11:32:26 -0700
Derick Winkworth <ccie15672 at gmail.com> wrote:

> https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00
> 
> Note section 6.

Related to Postel's Law: Antoine Delignat-Lavaud gave a talk at last
year's Black Hat where he also stated that "Liberal in what you accept"
is the wrong approach and he has very practical examples of how this can
lead to security vulns ("Cookie Clutter"). He recommends that malformed
inputs should be rejected in general:
https://www.youtube.com/watch?v=s1EGLWXsf2g

When I watched that talk I wasn't aware that this was already a stated
goal of langsec.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: BBB51E42