-
assigned issue to
SECDIR Review: Section 10.4 - Clearer statement on the lack of endpoint identifiers needed
Issue #31
resolved
This section ends with the statement “An extension specification should be created.” Presumably the intent here is to suggest that an extension is needed to remedy the vulnerability resulting from the lack of explicit endpoint identifiers. This should be more clearly stated.
Comments (3)
-
reporter -
reporter Re:
#31.→ <<cset 4555a6ca51c0>>
-
reporter - changed status to resolved
- Log in to comment
We know some of the vulnerabilities pointed out would not have happened if it were done. They were fixed another-way though. The sentence is pointing out that it is likely that there are other vulnerabilities that we do not know right now unless we do this. It is of the precautionary nature.
Perhaps changing the sentence like the following work?