IETF Logo Mail Archive

Re: [calsify] Murray Kucherawy's No Objection on draft-ietf-calext-eventpub-extensions-17: (with COMMENT)

Michael Douglass <mikeadouglass@gmail.com> Wed, 13 January 2021 16:54 UTC

Return-Path: <mikeadouglass@gmail.com>
X-Original-To: calsify@ietfa.amsl.com
Delivered-To: calsify@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31D493A11D3; Wed, 13 Jan 2021 08:54:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.359
X-Spam-Level:
X-Spam-Status: No, score=-2.359 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.262, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eu4mSni5Tdds; Wed, 13 Jan 2021 08:54:23 -0800 (PST)
Received: from mail-qt1-x830.google.com (mail-qt1-x830.google.com [IPv6:2607:f8b0:4864:20::830]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F01923A11CA; Wed, 13 Jan 2021 08:54:22 -0800 (PST)
Received: by mail-qt1-x830.google.com with SMTP id z9so1538287qtn.4; Wed, 13 Jan 2021 08:54:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:cc:references:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=kR1SXpNsSt2QNE2L4F74t+K1IPrCMP0ZXgkVFqFOD5U=; b=kmaQ3hHILaysrY2BfTnDN+RNBdQpIugnWJO8AS3WTYgx9hdwdFojyB/AB2lKtXX+4B /bE+CGJ0a7JsxmdPqaStErFiEtYzCI8f8Mfann986T4V+Vp7EtywdnBLLfzQf+tDtLsD hZsfJgl2eRpb2zstWQkIGGYHdBywWvme7xr1bo52h3gC0dGsPxuWrhM6N5APnnpW2mRZ 1WwmgdPOznLbWGfhIKjakquFFCwE6L6VLGt0xM/DkWYZIxyM14EY4g0B6wWAPN2jH2Np SjtEyl9C19atWCvygIN+8HnKfWQjGWZC2sZivP25kHDMciavBxMBZV9wp3zLhOotB0gK SNow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:cc:references:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=kR1SXpNsSt2QNE2L4F74t+K1IPrCMP0ZXgkVFqFOD5U=; b=qHTe6Vj4FQZTVrno97nAkw5l4FO0mNGZNEzlSTBadCbHlQYxJu5h+lRCgdIIbd7+0R L/dhm5jKuNBK/x1FvkAqLsRMjXFQmAh4HzxR4+1JKi0lzNxA0mfRAlhP16TzJtYIb2vF 31srY8G+6jIarj2x7tg0M3jy/ZnmxgDMTJnjXWw4rK0cdcd9iIpJUdEICGURGS3GBk+Z q/HwAXL2vLJs14im/H5lntXieMhZdNh6+eftF85C9CcAkdTF5RDrYT4vOfR6kX6asWqf XxqTMafJQULiugdx1PUfkSW+ewdmrPQxpc86W79veZatc7bmx5XV4Sgg+rgBakCeWcSD gTQw==
X-Gm-Message-State: AOAM530I+fbf26zouFyzjA4t0tEms6TGXpDqgpQmHMAe5SQbOyxeppdL E13dOWtqeNzVyCbFoSr2uKGmwAXa70JKaA==
X-Google-Smtp-Source: ABdhPJxUNqoOA9SVYnAoGpqQtDftlIRZkY6i4ySlclpF9PxVL5+26UGn3zQoUmmoDGC1sqYNgvvbqQ==
X-Received: by 2002:ac8:47da:: with SMTP id d26mr3074411qtr.4.1610556861303; Wed, 13 Jan 2021 08:54:21 -0800 (PST)
Received: from [192.168.1.151] (cpe-74-70-70-237.nycap.res.rr.com. [74.70.70.237]) by smtp.googlemail.com with ESMTPSA id c2sm1344761qke.109.2021.01.13.08.54.19 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 13 Jan 2021 08:54:20 -0800 (PST)
From: Michael Douglass <mikeadouglass@gmail.com>
To: Murray Kucherawy <superuser@gmail.com>, The IESG <iesg@ietf.org>
Cc: draft-ietf-calext-eventpub-extensions@ietf.org, calext-chairs@ietf.org, calsify@ietf.org
References: <160978944264.1715.14149807055782718055@ietfa.amsl.com>
Message-ID: <96f3b03b-fae9-0b90-8980-46c81c9b0bf5@gmail.com>
Date: Wed, 13 Jan 2021 11:54:19 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:78.0) Gecko/20100101 Thunderbird/78.6.0
MIME-Version: 1.0
In-Reply-To: <160978944264.1715.14149807055782718055@ietfa.amsl.com>
Content-Type: multipart/alternative; boundary="------------4143E2BAD0BDC49360C3AC5B"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/calsify/rRtgX_wbnaUMFgOaDgGvxsF9b1Y>
Subject: Re: [calsify] Murray Kucherawy's No Objection on draft-ietf-calext-eventpub-extensions-17: (with COMMENT)
X-BeenThere: calsify@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <calsify.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/calsify>, <mailto:calsify-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/calsify/>
List-Post: <mailto:calsify@ietf.org>
List-Help: <mailto:calsify-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/calsify>, <mailto:calsify-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jan 2021 16:54:26 -0000

On 1/4/21 14:44, Murray Kucherawy via Datatracker wrote:
> Murray Kucherawy has entered the following ballot position for
> draft-ietf-calext-eventpub-extensions-17: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer tohttps://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-calext-eventpub-extensions/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Section 1.2 says "For example, we may want to record who is participating in a
> public event", but the Privacy Considerations section doesn't say anything
> about the fact that this could collect data about people who are interested in
> the event, even if they don't go (though the location issue is mentioned).
> Also, especially since 2020, the public event could be a purely online event,
> where location data isn't part of the issue.  (Alternatively, if this is meant
> to address in-person events only, that would be useful to say up front.)

I'll add some extra text- Something like:

OLD

The addition of location information to the new participant component
provides information about the location of participants at a given
time.  This information MUST NOT be distributed to other participants
without that participants express permission.  Agents processing and
distributing calendar data must be aware that it has the property of
providing information about a future time when a given individual may
be at a particular location, which could enable targeted attacks
against that individual.

NEW

   The addition of location information to the new participant
   component provides information about the location of
   participants at a given time. This information MUST NOT be
   distributed to other participants without those participants
   express permission. Note that there may be a number of
   participants who may be unaware of their inclusion in the
   data.

   Agents processing and distributing
   calendar data must be aware that it has the property of
   providing information about a future time when a given
   individual may be at a particular location, which could
   enable targeted attacks against that individual.

END

> Section 6.2 (and other sections, but I noticed it here): ABNF literal strings
> are case-insensitive.  That means, for example, that the ABNF here would allow
> "ACTIVE" for a "partvalue", but would also allow "active", "AcTiVe", etc.  Is
> that acceptable?  (This probably applies to lots of prior CALEXT documents -- I
> admittedly didn't check -- so it may not be worth fixing here.)

I've been working on my ical4j implementation of this and I was having 
the same thoughts.

I looked at rfc4589 - the location types registry - and all the values 
are lower case. There doesn't appear to be any text to specify whether 
or not they are case sensitive values.

5545 says in section 2 "enumerated property values, and property 
parameter values are case-insensitive." - thus ACTIVE and aCtIvE are 
intended to be the same.

However, jscalendar - which we need to be able to map to and from 
says:(Section 3) "Property names and values are case-sensitive."

So 4589 doesn't say anything, 5545 says insensitive jscalendar says 
sensitive.

I'm inclined to at least redo the participant and resource types in 
lower case. jscalendar has a lot of places where it uses the icalendar 
converted to lower case.


> Section 6.4:
>
>     Property Parameters:  IANA, or non-standard property parameters can
>        be specified on this property.
>
> I think that should be "IANA-registered"?  Same issue in Sections 6.5 and 6.6.
Fixed
> Section 7: I believe the ABNF here needs a once-over.
Barry had some fixes I will apply
> Section 9.2: For the threat described in the first paragraph, are there any
> possible mitigations to suggest?
Added some text
> Section 10.2: In "without that participants express permission", that should be
> "participant's".  There's also a period missing at the end of the second last
> paragraph, though as it reads, it's possible there's even some intended text
> missing.
Fixed
> Section 11.2: The rules for making registrations into both the existing
> registries and these new ones are striking.  RFC 8126 doesn't even create a
> category that is a combination of Expert Review and Standards Action, but
> that's what this spells out.  And I wonder what would happen if we were to
> publish a Standards Track RFC (which has IETF consensus) with which the
> Designated Expert disagreed.  I'm not asking for anything to change here given
> that consistency with the existing registries is probably desirable, but it
> does set an unusually high bar for registrations.

I'm inclined to agree - with all the points. If the general feeling is I 
should come up with more manageable constraints I can do that.

>
> _______________________________________________
> calsify mailing list
> calsify@ietf.org
> https://www.ietf.org/mailman/listinfo/calsify

v2.23.0 | Report a Bug | By Email