[Enum] FW: secdir review of draft-ietf-enum-vcard-05
"Richard Shockey" <richard@shockey.us> Thu, 01 March 2007 15:57 UTC
Return-path: <enum-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HMnev-0000Be-8s; Thu, 01 Mar 2007 10:57:33 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HMnet-0000A7-Hm for enum@ietf.org; Thu, 01 Mar 2007 10:57:31 -0500
Received: from sb7.songbird.com ([208.184.79.137]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HMnes-000208-4x for enum@ietf.org; Thu, 01 Mar 2007 10:57:31 -0500
Received: from RSHOCKEYLTXP (neustargw.va.neustar.com [209.173.53.233]) by sb7.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id l21FvKcG011992 for <enum@ietf.org>; Thu, 1 Mar 2007 07:57:26 -0800
From: Richard Shockey <richard@shockey.us>
To: 'IETF ENUM WG' <enum@ietf.org>
Date: Thu, 01 Mar 2007 10:57:15 -0500
Message-ID: <048901c75c1a$48e300d0$81201f0a@cis.neustar.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
Thread-Index: AcdbTHFPOpW40j7TS+WVqUZApNKu4AAzdKsg
X-SongbirdInformation: support@songbird.com for more information
X-Songbird: Clean
X-Songbird-From: richard@shockey.us
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 50a516d93fd399dc60588708fd9a3002
Subject: [Enum] FW: secdir review of draft-ietf-enum-vcard-05
X-BeenThere: enum@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: richard@shockey.us
List-Id: Enum Discussion List <enum.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/enum>, <mailto:enum-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:enum@ietf.org>
List-Help: <mailto:enum-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/enum>, <mailto:enum-request@ietf.org?subject=subscribe>
Errors-To: enum-bounces@ietf.org
> -----Original Message----- > From: Bernard Aboba [mailto:bernard_aboba@hotmail.com] > Sent: Monday, February 19, 2007 8:54 PM > To: secdir@mit.edu > Cc: ietf@ietf.org > Subject: secdir review of draft-ietf-enum-vcard-05 > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > Overall, I found this document to be fairly straightforward and easy to > understand. This document registers the Enumservice "vCard" with three > subtypes; it is to be used to refer from an ENUM domain name to a vCard > instance. > As such, the security considerations of ENUM (RFC 3761, Section 6) apply; > the reference > covers DNS security issues in some depth. > > Section 6 of this document provides for discussion of additional security > considerations, > including privacy. I believe that this additional discussion combined > with > the security > considerations section of RFC 3761, covers the security issues. > > Note that the ENUM record itself need not contain personal information; it > just points > to a location where access to that information could be obtained. > > The use of HTTP in this Enumservice allows for authentication and > authorization to > be utilized to provide access control to user information. The document > requires use of > standard HTTP authentication (RFC 2617) for this, typically protected > within > HTTPS. > > > > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www1.ietf.org/mailman/listinfo/ietf _______________________________________________ enum mailing list enum@ietf.org https://www1.ietf.org/mailman/listinfo/enum
- [Enum] FW: secdir review of draft-ietf-enum-vcard… Richard Shockey