Re: [calsify] Secdir telechat review of draft-ietf-calext-ical-relations-09

Michael Douglass <mikeadouglass@gmail.com> Mon, 14 February 2022 22:03 UTC

To: Catherine Meadows <catherine.meadows@nrl.navy.mil>, secdir@ietf.org
Cc: draft-ietf-calext-ical-relations.all@ietf.org, last-call@ietf.org, calsify@ietf.org
References: <164442710515.4563.6397829591254976677@ietfa.amsl.com>
From: Michael Douglass <mikeadouglass@gmail.com>
In-Reply-To: <164442710515.4563.6397829591254976677@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/calsify/-LY70wKeK-U1aClndGtNdi6UebY>

On 2/9/22 12:18, Catherine Meadows via Datatracker wrote:
> Reviewer: Catherine Meadows
> Review result: Has Nits
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> The summary of the review is Ready with nits.
>
> This draft describes an update of the iCalendar RELATED-TO property,
> introducing new properties LINK, CONCEPT, and REFID. In particular, RELATED-TO
> only allowed the value type TEXT.  Depending on the property draft extends the
> allowed value types to include URI and UID, and REFERENCE, where REFERENCE is a
> URI with a pointer to a fragment of XML code.
> The Security Considerations Section correctly points out that the security
> impact of the new/expanded properties is in the new data types URI and
> REFERENCE they can return, and the fact that they may point to external
> sources which may vanish or be replaced. This is supplemented with reference
> to the security considerations in the appropriate RFC’s.
>
> My only concern with the previous draft was that the risks of values of type
> REFERENCE were not addressed.  This has now been taken care of.
>
> Nits:  In the definition of REFERENCE, “it's use as an anchor” should be “its
> use as an anchor”.
Thank you - fixed.