IETF Logo Mail Archive

Re: [secdir] secdir review of draft-nottingham-http-link-header

Mark Nottingham <mnot@mnot.net> Wed, 12 August 2009 09:44 UTC

Return-Path: <mnot@mnot.net>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B541A3A635F for <secdir@core3.amsl.com>; Wed, 12 Aug 2009 02:44:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.451
X-Spam-Level:
X-Spam-Status: No, score=-6.451 tagged_above=-999 required=5 tests=[AWL=-2.852, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JLsuc40FwMj1 for <secdir@core3.amsl.com>; Wed, 12 Aug 2009 02:44:24 -0700 (PDT)
Received: from fallback-in2.mxes.net (fallback-out2.mxes.net [216.86.168.191]) by core3.amsl.com (Postfix) with ESMTP id 9955C3A68BE for <secdir@ietf.org>; Wed, 12 Aug 2009 02:44:07 -0700 (PDT)
Received: from mxout-07.mxes.net (mxout-07.mxes.net [216.86.168.182]) by fallback-in1.mxes.net (Postfix) with ESMTP id DD72A2FD7A9 for <secdir@ietf.org>; Wed, 12 Aug 2009 05:40:48 -0400 (EDT)
Received: from [192.168.1.6] (unknown [118.208.160.18]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 70A2522E1F1; Wed, 12 Aug 2009 05:40:15 -0400 (EDT)
Message-Id: <6E228B34-B441-404E-8DDD-8CE46CEAED5E@mnot.net>
From: Mark Nottingham <mnot@mnot.net>
To: Sean Turner <turners@ieca.com>
In-Reply-To: <4A7161C0.4040007@ieca.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Wed, 12 Aug 2009 19:40:11 +1000
References: <4A7161C0.4040007@ieca.com>
X-Mailer: Apple Mail (2.936)
Cc: draft-nottingham-http-link-header@tools.ietf.org, "Julian F. F. Reschke" <julian.reschke@gmx.de>, Lisa Dusseault <lisa.dusseault@gmail.com>, secdir <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-nottingham-http-link-header
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Aug 2009 09:44:24 -0000

Thanks, Sean.

I'm not sure how to incorporate your suggestion into the document; did  
you have specific mechanisms in mind, and/or specific placement in the  
draft?

Cheers,


On 30/07/2009, at 7:02 PM, Sean Turner wrote:

> I have reviewed this document as part of the security directorate's  
> ongoing effort to review all IETF documents being processed by the  
> IESG.  These comments were written primarily for the benefit of the  
> security area directors.  Document editors and WG chairs should  
> treat these comments just like any other last call comments.
>
> Document: draft-nottingham-http-link-header-06.txt
> Reviewer: Sean Turner
> Review Date: 2009-07-30
> IETF LC End Date: 2009-08-11
> IESG Telechat date: N/A
>
> Summary: This document specifies relation types for Web links, and  
> defines a registry for them.  It also defines how to send such links  
> in HTTP headers with the Link header-field.
>
> Comments: The security considerations are pretty clear: the content  
> of the fields aren't secured in any way. I think some text should be  
> added that says something like "[Mechanism XYZ] can be combined with  
> [protocol ABC] to provide the following security service: 1, 2, 3."
>
> spt


--
Mark Nottingham     http://www.mnot.net/

v2.23.0 | Report a Bug | By Email