Liang Xia via Datatracker <noreply@xxxxxxxx> wrote:
> But about my one question, I have not seen any response or actions: "Issues for
> clarification: In Security Considerations, besides the DoS attacks brought by
> the malicious payloads, is there any other kinds of attack possibly? For
> example, virus or worm are hidden in the malicious payloads to attack the
> system for more damages? Does it make sense and what's the consideration?"

Hi, thank you for the review comments.

Aside from possible buffer-overflow attacks that would attempt to smash the stack of a process, none of the content carried in ffv1 is intended to be executable. A virus or worm hidden in the payload would be rendered as if it was visual data by normal software processing.

Clearly, a malicious system could use the ffv1 format in an attempt to disguise itself, but that would take a co-conspirator to extract that content.

--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works
-= IPv6 IoT consulting =-
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call