[secdir] Review of draft-ietf-enum-calendar-service-03
Larry Zhu <lzhu@windows.microsoft.com> Thu, 17 January 2008 10:38 UTC
Return-path: <ietf-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1JFS8w-0002uP-De; Thu, 17 Jan 2008 05:38:42 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1JFS8t-0002dr-Or; Thu, 17 Jan 2008 05:38:39 -0500
Received: from maila.microsoft.com ([131.107.115.212] helo=smtp.microsoft.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1JFS8t-000766-Du; Thu, 17 Jan 2008 05:38:39 -0500
Received: from TK5-EXHUB-C101.redmond.corp.microsoft.com (157.54.70.76) by TK5-EXGWY-E801.partners.extranet.microsoft.com (10.251.56.50) with Microsoft SMTP Server (TLS) id 8.1.240.5; Thu, 17 Jan 2008 02:38:39 -0800
Received: from TK5-EXMLT-W604.wingroup.windeploy.ntdev.microsoft.com (157.54.18.7) by TK5-EXHUB-C101.redmond.corp.microsoft.com (157.54.70.76) with Microsoft SMTP Server id 8.1.240.5; Thu, 17 Jan 2008 02:38:38 -0800
Received: from NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com ([169.254.2.188]) by TK5-EXMLT-W604.wingroup.windeploy.ntdev.microsoft.com ([157.54.18.7]) with mapi; Thu, 17 Jan 2008 02:38:38 -0800
From: Larry Zhu <lzhu@windows.microsoft.com>
To: "rohan@ekabal.com" <rohan@ekabal.com>, "secdir@mit.edu" <secdir@mit.edu>, "enum-request@ietf.org" <enum-request@ietf.org>
Date: Thu, 17 Jan 2008 02:38:36 -0800
Thread-Topic: [secdir] Review of draft-ietf-enum-calendar-service-03
Thread-Index: AchY9R2m/NQHp7FxQt+S/XCejz8/zQ==
Message-ID: <E30895F8BA39B6439F5F1AAA1DBBFB524710A73437@NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Spam-Score: -108.0 (---------------------------------------------------)
X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a
Cc: "ietf@ietf.org" <ietf@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Subject: [secdir] Review of draft-ietf-enum-calendar-service-03
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Errors-To: ietf-bounces@ietf.org
Hello, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. I have the following COMMENTS: 1. Overall, the document does not discuss I18N. Is it required that the mailto contains US ASCII only when it is encoded in DNS? This is unclear to me. 2. Section 4, what is the security implication if the same number is used to identify different URIs. In other words, what prevents the choice of numbers from collisions and what happens when there is a collision. "Number squatting" does not seem to be mitigated by DNS SEC as mentioned in the document. This is just not clear to me but I am not an expert here. 3. I agree with the comments that adding some description of potential use cases would help when the PROTO write-up mentions there is no implementation interest. For one thing, security considerations typically would make more sense in the context of use cases. Best regards, --larry _______________________________________________ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
- [secdir] Review of draft-ietf-enum-calendar-servi… Larry Zhu
- Re: [secdir] Review of draft-ietf-enum-calendar-s… Alexey Melnikov