Re: [apps-discuss] Stephen Farrell's No Objection on draft-ietf-appsawg-authres-ptypes-registry-04: (with COMMENT)
Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 15 October 2014 20:43 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47E3B1ACD1E; Wed, 15 Oct 2014 13:43:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.39
X-Spam-Level:
X-Spam-Status: No, score=0.39 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MANGLED_TOOL=2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wYA17yK_Ntmy; Wed, 15 Oct 2014 13:43:18 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 2A4901A88F3; Wed, 15 Oct 2014 13:43:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 35307BED4; Wed, 15 Oct 2014 21:43:17 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UFi4Wo0KAdQQ; Wed, 15 Oct 2014 21:43:16 +0100 (IST)
Received: from [10.87.48.12] (unknown [86.46.19.135]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id D7910BEB6; Wed, 15 Oct 2014 21:43:15 +0100 (IST)
Message-ID: <543EDC63.7090107@cs.tcd.ie>
Date: Wed, 15 Oct 2014 21:43:15 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2
MIME-Version: 1.0
To: "Murray S. Kucherawy" <superuser@gmail.com>
References: <20141013090429.7983.2844.idtracker@ietfa.amsl.com> <CAL0qLwYJRYYo=BU3zEEzacP7QrvAaA0ec2isjz4RLjM56_7h1w@mail.gmail.com>
In-Reply-To: <CAL0qLwYJRYYo=BU3zEEzacP7QrvAaA0ec2isjz4RLjM56_7h1w@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/apps-discuss/jYIo3YlcGpQgUnN_NmBrByZ6CzA
Cc: Scott Kitterman <scott@kitterman.com>, draft-ietf-appsawg-authres-ptypes-registry@tools.ietf.org, "appsawg-chairs@tools.ietf.org" <appsawg-chairs@tools.ietf.org>, The IESG <iesg@ietf.org>, IETF Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] Stephen Farrell's No Objection on draft-ietf-appsawg-authres-ptypes-registry-04: (with COMMENT)
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss/>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Oct 2014 20:43:20 -0000
On 15/10/14 19:19, Murray S. Kucherawy wrote: > On Mon, Oct 13, 2014 at 2:04 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> > wrote: > >> >> I wondered if it'd be worthwhile asking that the >> designated expert try ensure that the security and privacy >> consequences of new entries also be documented? That's >> assuming there are cases where the header field is likely >> to transit between ADMDs. I'm not sure if that's really >> needed though, but 7001 does have a fairly significant set >> of security considerations, so presumably new entries >> might also deserve a similar level of documentation. OTOH, >> I could buy that experience with 7001 means that this >> isn't really needed or that demanding that level of >> documentation might be counterproductive. >> >> > Actually, RFC7001 doesn't talk about the risks (if any) of this header > field "leaking" outside of ADMDs that will consume it. They should ignore > it by the rules in RFC7001, but it doesn't say how they could leak > interesting details. That would be a useful thing to add if we ever do an > RFC7001bis. > > Unfortunately, I think this is the kind of thing RFC7001 itself should talk > about, because it's a general thing to be considered and not something > specific to new ptypes. Things referenced by this new registry are > probably the wrong place to put that responsibility. Fair 'nuff. Cheers, S. > > -MSK >
- [apps-discuss] Stephen Farrell's No Objection on … Stephen Farrell
- Re: [apps-discuss] Stephen Farrell's No Objection… Murray S. Kucherawy
- Re: [apps-discuss] Stephen Farrell's No Objection… Stephen Farrell