This draft simply adds in a description field to the Port Control Protocol.

While this does not raise security concerns in itself, uses of the field may. In particular, the (ab)use of the DNS TXT field to stuff site local or non-standard control data into the protocol might become a problem 




I suspect it won't be long before someone has the idea that their application announce itself with a description of "# SELECT * FROM Bobby.tables". 

The SC should point out that the data is not authenticated for this purpose and relying on (or executing) descriptions is a trail of tears.




-- 

Website: 

http://hallambaker.com/