Ryan Armstrong
Thoughts on my current proposal restated below? @TobiasAhnoff @randomstuff

> Verify that cryptographically secured tokens use a digital signature or MAC to protect against tampering, which is checked before accepting...

@randomstuff Good point. The wording could be changed to focus not on *use* but to ensure *validation* occurs, which may also fit better with V5 (a discussed possible location for...
@elarlang PR at #2372
May I suggest wording that favours rejection over acceptance? For example, rather than "accepts a token only if.." what about "rejects the token if..."?
The gravity of this thread has pulled me in to leave my thoughts and then quickly leave. I agree that the standard feels quite large (and personally I would axe...
Following discussion, consensus was to keep this requirement in V3 (see #2270 for new section description proposal). I would like to suggest the following wording:

> Verify that the application...

@tghosth Not sure, but IMO it is perhaps challenging to define and test and may be infrequently applicable.
@tghosth Please see #2292
@tghosth is there a vision or template/structure for consistent section text? I would be happy to make a proposal, but my personal preference is for more verbosity and I know...
How about something like this (adapting V13.5):

### Purpose

This section provides key security requirements to prevent attacks related to communication security and session management targeting WebSocket communication channels.

###...