- From: Yves Lafon <notifications@github.com>
- Date: Thu, 24 Nov 2022 05:10:35 -0800
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 24 November 2022 13:10:47 UTC
Hi, we discussed the issue again during our last teleconference. The issue of malicious discovery is still there as it won't start with a brute-force attack, but more on probable zone names (especially if it involves interface names). Also the use of `%` as a delimiter is still seen as problematic as it is the escape delimiter and can lead to exploit of existing parsers that are not careful about when to apply unescaping. The lack of implementation support in browsers is another source of concern, it would be good also to get agreement within IETF, especially with the group in charge of maintenance of rfc3986. Thanks -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/774#issuecomment-1326433378 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/774/1326433378@github.com>
Received on Thursday, 24 November 2022 13:10:47 UTC