<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">Em 01/09/2015, à(s) 18:11:000, Luis E. Muñoz <<a href="mailto:lem@uniregistry.link" class="">lem@uniregistry.link</a>> escreveu:</div><br class="Apple-interchange-newline"><div class=""><p dir="auto" class="">On 1 Sep 2015, at 13:35, Rubens Kuhl wrote:
</p>
<blockquote class=""><p dir="auto" class="">@ll,
</p><p dir="auto" class="">I'm wondering what we have, if any, in resources to prevent URS replay attacks. The threat scenario we've made include access to the "Sent Items" folder of an URS Provider, without access to PGP information. With such access, domains that already received URS-Lock and URS-Suspend commands might be subject to lock or suspension again, even if there is not, at that time, an URS procedure ongoing. That could even happen with a new registrant of that domain.
</p><p dir="auto" class="">I couldn't find anything in the requirements or URS Provider RFIs that would generate information capable of mitigating this threat... am I missing something ?
</p>
</blockquote><p dir="auto" class="">We keep track of the case IDs, so we would notice this to be a dupe. That said, I think your scenario is viable.</p><div class=""><br class=""></div></div></blockquote><br class=""></div><div>Is there a requirement for URS Providers to mention case IDs in their requests ? </div><div><br class=""></div><div><br class=""></div><div>Rubens</div><div><br class=""></div></body></html>