11.5. Mitigation of iTIP Threats
Section 6.1 of iTIP [RFC5546] defines a set of potential threats in a scheduling system, and Section 6.2 of [RFC5546] defines recommendations on how those can be addressed in protocols using iTIP. This specification addresses the iTIP threats in the following manner:
Spoofing the "Organizer"
Addressed by item 4 in Section 11.2.
Spoofing the "Attendee"
Addressed by Section 188.8.131.52 and item 2 in Section 11.2.
Unauthorized Replacement of the "Organizer"
Addressed by item 5 in Section 11.2.
Eavesdropping and Data Integrity
Addressed by requiring TLS. Flooding a Calendar: Addressed by requirements in Section 11.1.
Unauthorized REFRESH Requests
This specification does not support the REFRESH method.
This document was automatically converted to XHTML using an RFC to HTML converter with the original text document at the Internet Engineering Task Force web site at ietf.org . The original text document should be referred to if there are any errors or discrepancies found in this document.
Need to test your iCalendar feeds? The iCalendar Validator provides developers and testers a method to validate their iCalendar feeds, which can take data from either a URL, file or text snippet and compare it against the RFC 5545 specification. We believe we have one of the best iCalendar validation tools available on the internet. More information about the validator can be found here.