secdir review of draft-ietf-enum-vcard-05
"Bernard Aboba" <bernard_aboba@hotmail.com> Wed, 28 February 2007 15:23 UTC
Message-ID: <BAY117-F7F9732C5805F968012D3A93890@phx.gbl>
In-Reply-To: <Pine.LNX.4.64.0702161751300.3734@mint.samweiler.com>
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: secdir@mit.edu
Date: Mon, 19 Feb 2007 17:54:10 -0800
Cc: ietf@ietf.org
Subject: secdir review of draft-ietf-enum-vcard-05

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Overall, I found this document to be fairly straightforward and easy to understand.

This document registers the Enumservice "vCard" with three subtypes; it is to be used to refer from an ENUM domain name to a vCard instance. As such, the security considerations of ENUM (RFC 3761, Section 6) apply; the reference covers DNS security issues in some depth.

Section 6 of this document provides for discussion of additional security considerations, including privacy. I believe that this additional discussion, combined with the security considerations section of RFC 3761, covers the security issues.

Note that the ENUM record itself need not contain personal information; it just points to a location where access to that information could be obtained. The use of HTTP in this Enumservice allows for authentication and authorization to be utilized to provide access control to user information. The document requires use of standard HTTP authentication (RFC 2617) for this, typically protected within HTTPS.