Re: [calsify] Shepherd Review of draft-ietf-calext-caldav-attachments

Ken Murchison <murch@andrew.cmu.edu> Thu, 13 April 2017 18:26 UTC

Return-Path: <murch@andrew.cmu.edu>
X-Original-To: calsify@ietfa.amsl.com
Delivered-To: calsify@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21DD21315B1; Thu, 13 Apr 2017 11:26:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O7lUQJspQEgK; Thu, 13 Apr 2017 11:25:58 -0700 (PDT)
Received: from smtp.andrew.cmu.edu (SMTP.ANDREW.CMU.EDU [128.2.105.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC15B1315B5; Thu, 13 Apr 2017 11:25:58 -0700 (PDT)
Received: from [172.31.24.159] (VPN-172-31-24-159.VPN.CMU.LOCAL [172.31.24.159]) (user=murch mech=PLAIN (0 bits)) by smtp.andrew.cmu.edu (8.15.2/8.15.2) with ESMTPSA id v3DIPtd9008929 (version=TLSv1.2 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 13 Apr 2017 14:25:56 -0400
To: Philipp Kewisch <mozilla@kewis.ch>, Calsify <calsify@ietf.org>
Cc: draft-ietf-calext-caldav-attachments.authors@ietf.org
References: <95b28712-5d79-4eca-ca35-a127ae30fb9c@kewis.ch>
From: Ken Murchison <murch@andrew.cmu.edu>
Organization: Carnegie Mellon University
Message-ID: <babda9f0-17a0-f269-50c7-30156103f9a7@andrew.cmu.edu>
Date: Thu, 13 Apr 2017 14:25:55 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <95b28712-5d79-4eca-ca35-a127ae30fb9c@kewis.ch>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-PMX-Version: 6.3.0.2556906, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2017.4.13.181215
X-SMTP-Spam-Clean: 8% ( HTML_00_01 0.05, HTML_00_10 0.05, BODYTEXTP_SIZE_3000_LESS 0, BODY_SIZE_2000_2999 0, BODY_SIZE_5000_LESS 0, BODY_SIZE_7000_LESS 0, DATE_TZ_NA 0, FROM_EDU_TLD 0, IN_REP_TO 0, LEGITIMATE_SIGNS 0, MSG_THREAD 0, MULTIPLE_REAL_RCPTS 0, NO_CTA_URI_FOUND 0, NO_URI_FOUND 0, NO_URI_HTTPS 0, REFERENCES 0, __BOUNCE_CHALLENGE_SUBJ 0, __BOUNCE_NDR_SUBJ_EXEMPT 0, __CT 0, __CTE 0, __CT_TEXT_PLAIN 0, __FORWARDED_MSG 0, __HAS_CC_HDR 0, __HAS_FROM 0, __HAS_MSGID 0, __IN_REP_TO 0, __MIME_TEXT_ONLY 0, __MIME_TEXT_P 0, __MIME_TEXT_P1 0, __MIME_VERSION 0, __MOZILLA_USER_AGENT 0, __NO_HTML_TAG_RAW 0, __PHISH_SPEAR_STRUCTURE_1 0, __REFERENCES 0, __SANE_MSGID 0, __SUBJ_ALPHA_NEGATE 0, __TO_MALFORMED_2 0, __TO_NAME 0, __TO_NAME_DIFF_FROM_ACC 0, __TO_REAL_NAMES 0, __USER_AGENT 0)
X-SMTP-Spam-Score: 8%
X-Scanned-By: MIMEDefang 2.78 on 128.2.105.202
Archived-At: <https://mailarchive.ietf.org/arch/msg/calsify/2hpMkmndY-tm4VuhIqwfIq04dx4>
Subject: Re: [calsify] Shepherd Review of draft-ietf-calext-caldav-attachments
X-BeenThere: calsify@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: <calsify.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/calsify>, <mailto:calsify-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/calsify/>
List-Post: <mailto:calsify@ietf.org>
List-Help: <mailto:calsify-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/calsify>, <mailto:calsify-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Apr 2017 18:26:00 -0000


On 04/13/2017 06:05 AM, Philipp Kewisch wrote:
> Hello All,
>
> I've gotten around to finishing my review on this document. Aside from a
> minor typo, I have two simple questions, just to clarify out of personal
> interest:
>
>>     Specific instance  A specific iCalendar instance is targeted by using
>>        its "RECURRENCE-ID" value as the item value.  That value MUST
>>        correspond to the RECURRENCE-ID value as stored in the calendar
>>        object resource (i.e. without any conversion to UTC).  If multiple
>>        items of this form are used, they MUST be unique values.
> Can you clarify why you chose to not allow specifying this value in any
> form, so that the server does timezone translation if needed?

I don't recall the exact reason, but presumably its so that the server 
can simply match the RECURRENCE-ID by value without having to do any 
translation.  Perhaps Cyrus and/or Arnaud remember the exact reasoning.


>>         D.  Upon successful creation of the attachment resource, and
>>             modification of the targeted calendar object resource, the
>>             server MUST return an appropriate HTTP success status
>>             response and include a "Cal-Managed-ID" header field
>>             containing the "MANAGED-ID" parameter value of the newly
>>             created "ATTACH" property.
> Any specific reason to shorten "Calendar" to "Cal" here?

No technical reason as I recall.  I'd recommend against changing it now 
given the existence of a lot of Apple-deployed code.


>>   Malicious content could be introduced into the Calendar Server by way
>>     of a managed attachment, and propagated to many end users via
>>     scheduling.  Servers SHOULD check managed attachments for malicious
>>     or inappropriate content.  Upon detecting of such content, servers
>>     SHOULD remove the attachment, following the rules described in
>>     Section 3.12.5.
> "Calendar Server" should probably be lowercase here, as you are not
> referring to a specific product.

Agreed.  I will make this change.

I also need to look at Gren Elliot's review again and make any necessary 
changes.

-- 
Kenneth Murchison
Principal Systems Software Engineer
Carnegie Mellon University