Re: [secdir] secdir review of draft-nottingham-http-link-header
Mark Nottingham <mnot@mnot.net> Wed, 12 August 2009 09:44 UTC
From: Mark Nottingham <mnot@mnot.net>
To: Sean Turner <turners@ieca.com>
Date: Wed, 12 Aug 2009 19:40:11 +1000
Cc: draft-nottingham-http-link-header@tools.ietf.org, "Julian F. F. Reschke" <julian.reschke@gmx.de>, Lisa Dusseault <lisa.dusseault@gmail.com>, secdir <secdir@ietf.org>

Thanks, Sean.

I'm not sure how to incorporate your suggestion into the document; did you have specific mechanisms in mind, and/or specific placement in the draft?

Cheers,

On 30/07/2009, at 7:02 PM, Sean Turner wrote:

> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should
> treat these comments just like any other last call comments.
>
> Document: draft-nottingham-http-link-header-06.txt
> Reviewer: Sean Turner
> Review Date: 2009-07-30
> IETF LC End Date: 2009-08-11
> IESG Telechat date: N/A
>
> Summary: This document specifies relation types for Web links, and
> defines a registry for them. It also defines how to send such links
> in HTTP headers with the Link header-field.
>
> Comments: The security considerations are pretty clear: the content
> of the fields isn't secured in any way. I think some text should be
> added that says something like "[Mechanism XYZ] can be combined with
> [protocol ABC] to provide the following security service: 1, 2, 3."
>
> spt

--
Mark Nottingham http://www.mnot.net/