[caldav] draft-desruisseaux-caldav-sched-09 / question concerning Security
Bernie Hoeneisen <bernie@ietf.hoeneisen.ch> Mon, 07 February 2011 10:56 UTC
Return-Path: <bernie@ietf.hoeneisen.ch>
X-Original-To: caldav@core3.amsl.com
Delivered-To: caldav@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C8BC83A6D85 for <caldav@core3.amsl.com>; Mon, 7 Feb 2011 02:56:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.74
X-Spam-Level:
X-Spam-Status: No, score=-100.74 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09ezsV5Z3oxZ for <caldav@core3.amsl.com>; Mon, 7 Feb 2011 02:56:40 -0800 (PST)
Received: from softronics.hoeneisen.ch (softronics.hoeneisen.ch [62.2.86.178]) by core3.amsl.com (Postfix) with ESMTP id 87D9D3A6D6C for <caldav@ietf.org>; Mon, 7 Feb 2011 02:56:37 -0800 (PST)
Received: from localhost ([127.0.0.1]) by softronics.hoeneisen.ch with esmtp (Exim 4.71) (envelope-from <bernie@ietf.hoeneisen.ch>) id 1PmOlo-0005HC-QV; Mon, 07 Feb 2011 11:56:36 +0100
Date: Mon, 07 Feb 2011 11:56:36 +0100
From: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>
X-X-Sender: bhoeneis@softronics.hoeneisen.ch
To: draft-desruisseaux-caldav-sched@tools.ietf.org
Message-ID: <alpine.DEB.2.00.1102071123510.18675@softronics.hoeneisen.ch>
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: bernie@ietf.hoeneisen.ch
X-SA-Exim-Scanned: No (on softronics.hoeneisen.ch); SAEximRunCond expanded to false
Cc: caldav@ietf.org
Subject: [caldav] draft-desruisseaux-caldav-sched-09 / question concerning Security
X-BeenThere: caldav@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <caldav.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/caldav>, <mailto:caldav-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/caldav>
List-Post: <mailto:caldav@ietf.org>
List-Help: <mailto:caldav-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/caldav>, <mailto:caldav-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2011 10:56:41 -0000
Dear authors of draft-desruisseaux-caldav-sched
I was going through draft-desruisseaux-caldav-sched and came across
something rather confusing:
- In the Security Considerations of draft-desruisseaux-caldav-sched, the
following is specified:
"Servers and clients MUST use an HTTP connection protected with
TLS as defined in [RFC2818] for all scheduling transactions."
- RFC 2818 requires:
"2.4. URI Format
HTTP/TLS is differentiated from HTTP URIs by using the 'https'
protocol identifier in place of the 'http' protocol identifier."
- However, in the IANA Considerations section 16.1 (only) "http" is
requested for IANA registration:
"Applicable protocol: http"
This appears rather contradictionary to me. Can you please enlight me
regarding this matter? I assume that some correction (or at least
clarification) is needed in draft-desruisseaux-caldav-sched.
cheers,
Bernie
PS:
The clarification of this question is relevant for an update of RFC 5333,
which specifies the Enumservices for Calendaring. [FYI: I am author of RFC
5333 as well as ENUM WG Chair.]
--
http://ucom.ch/
Tech Consulting for Internet Standardization
- [caldav] draft-desruisseaux-caldav-sched-09 / que… Bernie Hoeneisen
- Re: [caldav] draft-desruisseaux-caldav-sched-09 /… Julian Reschke
- Re: [caldav] draft-desruisseaux-caldav-sched-09 /… Bernie Hoeneisen