[caldav] draft-desruisseaux-caldav-sched-09 / question concerning Security

Bernie Hoeneisen <bernie@ietf.hoeneisen.ch> Mon, 07 February 2011 10:56 UTC

Return-Path: <bernie@ietf.hoeneisen.ch>
X-Original-To: caldav@core3.amsl.com
Delivered-To: caldav@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C8BC83A6D85 for <caldav@core3.amsl.com>; Mon, 7 Feb 2011 02:56:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.74
X-Spam-Level:
X-Spam-Status: No, score=-100.74 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 09ezsV5Z3oxZ for <caldav@core3.amsl.com>; Mon, 7 Feb 2011 02:56:40 -0800 (PST)
Received: from softronics.hoeneisen.ch (softronics.hoeneisen.ch [62.2.86.178]) by core3.amsl.com (Postfix) with ESMTP id 87D9D3A6D6C for <caldav@ietf.org>; Mon, 7 Feb 2011 02:56:37 -0800 (PST)
Received: from localhost ([127.0.0.1]) by softronics.hoeneisen.ch with esmtp (Exim 4.71) (envelope-from <bernie@ietf.hoeneisen.ch>) id 1PmOlo-0005HC-QV; Mon, 07 Feb 2011 11:56:36 +0100
Date: Mon, 7 Feb 2011 11:56:36 +0100 (CET)
From: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>
X-X-Sender: bhoeneis@softronics.hoeneisen.ch
To: draft-desruisseaux-caldav-sched@tools.ietf.org
Message-ID: <alpine.DEB.2.00.1102071123510.18675@softronics.hoeneisen.ch>
User-Agent: Alpine 2.00 (DEB 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: bernie@ietf.hoeneisen.ch
X-SA-Exim-Scanned: No (on softronics.hoeneisen.ch); SAEximRunCond expanded to false
Cc: caldav@ietf.org
Subject: [caldav] draft-desruisseaux-caldav-sched-09 / question concerning Security
X-BeenThere: caldav@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <caldav.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/caldav>, <mailto:caldav-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/caldav>
List-Post: <mailto:caldav@ietf.org>
List-Help: <mailto:caldav-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/caldav>, <mailto:caldav-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2011 10:56:41 -0000

Dear authors of draft-desruisseaux-caldav-sched

I was going through draft-desruisseaux-caldav-sched and came across 
something rather confusing:

- In the Security Considerations of draft-desruisseaux-caldav-sched, the 
following is specified:

   "Servers and clients MUST use an HTTP connection protected with
    TLS as defined in [RFC2818] for all scheduling transactions."

- RFC 2818 requires:

    "2.4.  URI Format
    HTTP/TLS is differentiated from HTTP URIs by using the 'https'
    protocol identifier in place of the 'http' protocol identifier."

- However, in the IANA Considerations section 16.1 (only) "http" is 
requested for IANA registration:

   "Applicable protocol: http"


This appears rather contradictionary to me. Can you please enlight me 
regarding this matter? I assume that some correction (or at least 
clarification) is needed in draft-desruisseaux-caldav-sched.


cheers,
  Bernie


PS:
The clarification of this question is relevant for an update of RFC 5333, 
which specifies the Enumservices for Calendaring. [FYI: I am author of RFC 
5333 as well as ENUM WG Chair.]


--

http://ucom.ch/
Tech Consulting for Internet Standardization