ietf-tools / iddiff

Internet-Draft (ID) diff tool.

domain is not allowed. #51

Closed bhoeneis closed 3 months ago

bhoeneis commented 1 year ago

Trying to use e.g. the following URL to compare with iddiff:

results in the following error:

Is it on purpose not to allow certain/external domains, or is this a bug?

kesara commented 1 year ago

@bhoeneis Author Tools have only allowed a set of domain names. The current list is here.

*.ietf.org
*.rfc-editor.org
*.github.com
*.githubusercontent.com
*.github.io
*.gitlab.com
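
An allow list like the one quoted above is only as good as the host comparison behind it. The following is an added example, not code from this thread or from the Author Tools; the function names, the sample URLs, and the choice that `*.ietf.org` also covers the bare `ietf.org` are assumptions.

```python
from urllib.parse import urlsplit

# Patterns copied from the list quoted in the comment above.
ALLOWED_PATTERNS = [
    "*.ietf.org", "*.rfc-editor.org", "*.github.com",
    "*.githubusercontent.com", "*.github.io", "*.gitlab.com",
]


def host_allowed(host, patterns=ALLOWED_PATTERNS):
    """Match on DNS label boundaries, never on a raw string suffix."""
    host = host.rstrip(".").lower()  # normalise case and a trailing root dot
    for pattern in patterns:
        base = pattern.lower().removeprefix("*.")
        # Assumption: "*.ietf.org" covers ietf.org itself and any subdomain.
        if host == base or host.endswith("." + base):
            return True
    return False


def url_allowed(url, patterns=ALLOWED_PATTERNS):
    """Return True only for http(s) URLs whose parsed host is on the list."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # excludes any userinfo ("user@") and the port
    except ValueError:
        return False  # malformed authority, e.g. a broken IPv6 literal
    if parts.scheme not in ("http", "https") or not host:
        return False
    return host_allowed(host, patterns)


# Constructed sample URLs (not taken from the issue).
SAMPLES = [
    "https://www.ietf.org/archive/id/draft-example-00.txt",  # listed host
    "https://WWW.IETF.ORG./draft.txt",                 # case and trailing dot
    "https://notietf.org/draft.txt",                   # suffix look-alike
    "https://www.ietf.org@blocked.example/draft.txt",  # listed name is userinfo
    "https://ietf.org.blocked.example/draft.txt",      # listed name as a prefix
    "file:///etc/passwd",                              # non-HTTP scheme
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(("allow " if url_allowed(sample) else "deny  ") + sample)
```

A fetcher that follows redirects has to apply the same check to every redirect target, otherwise a listed host can forward the request to an unlisted one.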

bhoeneis commented 1 year ago

@kesara Thanks for the clarification!

I wonder what the reason behind it is (security?) and whether this limitation to a strict list could be relaxed. It would ease the IETF work, at least in our team.

rjsparks commented 1 year ago

Hi Bernie -

We can add domains to the allow list on request.

On our side, we will want some confidence that the content at any domain we add is very unlikely to be malicious.

On your side, you should be aware that a malicious user could then make a lot of requests that would drive traffic to arbitrary places at pep.foundation if we were to add that domain. Are you in the right place in that organization to declare that risk acceptable, or do you need to ask someone listed at https://www.pep.foundation/about/council/?

This could also apply to whether the tooling would allow xi-include: from that domain in v3 xml.

bhoeneis commented 3 months ago

Thanks a lot for the explanations!

This issue is no longer relevant, as pEp moved their repositories to codeberg.org (which pEp cannot act on behalf of).