<<<
Chronological Index
>>> <<<
Thread Index
>>>
[ga] Proposal: ICANN should cease acceptance of PDF, DOC and other attachments from public comments
- To: GNSO GA Mailing List <ga@xxxxxxxxxxxxxx>
- Subject: [ga] Proposal: ICANN should cease acceptance of PDF, DOC and other attachments from public comments
- From: George Kirikos <gkirikos@xxxxxxxxx>
- Date: Sun, 24 Jan 2010 10:03:17 -0800 (PST)
Hi folks,
Given the numerous vulnerabilities in attachment formats, including PDF:
http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
I propose that ICANN cease to accept all public comments that are in any format
other than ASCII or Unicode text.
The public tends to read the comments of others who've posted on the comment
archives, and it would be very easy for a malevolent individual or group to
hack those who read the public comments. Since ICANN staff themselves read
public comments, it would not take much for an attacker to take advantage of
this fact to gain entrance into the internal networks of ICANN, and potentially
wreak havoc or gain commercial (or even political) advantage through spying.
If some of the largest companies, including Google, can be vulnerable to being
hacked, ICANN should be more sensitive to that potential, and take reasonable
steps to safeguard its staff and the public who read comments. There is very
little to be gained in permitting PDF/DOC and other attachments, and much risk
added by accepting those formats.
Perhaps those submitting comments in those formats can be redirected to an
online form hosted by ICANN, to allow them to cut/paste from their original
submissions in order to resubmit them in plain text.
The same policy should apply to documents posted on other ICANN and
constituency mailing lists.
Sincerely,
George Kirikos
http://www.leap.com/
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|