[calsify] Secdir telechat review of draft-ietf-calext-ical-relations-09

Catherine Meadows via Datatracker <noreply@ietf.org> Wed, 09 February 2022 17:18 UTC

From: Catherine Meadows via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: calsify@ietf.org, draft-ietf-calext-ical-relations.all@ietf.org, last-call@ietf.org
Reply-To: Catherine Meadows <catherine.meadows@nrl.navy.mil>
Date: Wed, 09 Feb 2022 09:18:25 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/calsify/YDNWrUno9BXum4RcgziRSgrTvXM>

Reviewer: Catherine Meadows
Review result: Has Nits

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready with nits.

This draft describes an update of the iCalendar RELATED-TO property,
introducing new properties LINK, CONCEPT, and REFID. In particular, RELATED-TO
only allowed the value type TEXT.  Depending on the property, the draft extends
the allowed value types to include URI, UID, and REFERENCE, where REFERENCE is a
URI with a pointer to a fragment of XML code.

The Security Considerations Section correctly points out that the security
impact of the new/expanded properties is in the new data types URI and
REFERENCE they can return, and the fact that they may point to external
sources which may vanish or be replaced. This is supplemented with reference
to the security considerations in the appropriate RFCs.

My only concern with the previous draft was that the risks of values of type
REFERENCE were not addressed.  This has now been taken care of.

Nits:  In the definition of REFERENCE, “it's use as an anchor” should be “its
use as an anchor”.