Re: [secdir] Secdir review of draft-ietf-mediaman-toplevel-03

"Martin J. Dürst" <duerst@it.aoyama.ac.jp> Sun, 15 October 2023 04:07 UTC

To: Radia Perlman <radiaperlman@gmail.com>, secdir@ietf.org, iesg@ietf.org, draft-ietf-mediaman-toplevel.all@ietf.org
Organization: Aoyama Gakuin University
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/6X8CDO4blgGgpM6GXgE9_HkqDQ0>

Hello Radia,

Many thanks for your (mostly) favorable review. Please see below for one 
specific point.

On 2023-10-13 05:22, Radia Perlman wrote:
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments just
> like any other last call comments.
> 
> I would classify this document as "no issues".
> 
> In the list of MIME types (which we're now supposed to call "Media Types"
> to reflect the fact that they are not just for email anymore), there are
> hierarchical names for the various types including things like
> "application/pkix-cert" or "image/bmp". There are thousands of IANA
> registered types like this under a handful of top level types:
> 
> application/
> audio/
> font/
> image/
> message/
> model/
> multipart/
> text/
> video/
> 
> This document describes under what circumstances one would want to create a
> new top level media type (as opposed to a new subtype under one of the
> existing types). This document does not make it unambiguous as to what the
> best approach is, and there is already a description in RFC 6838 which
> seems adequate to me.

I agree that even with the new document, there are no perfect answers 
(i.e. no list to go through mechanically that would make sure that 
anybody arrives at exactly the same conclusion). But I think we narrowed 
things quite a bit.


> It's not clear what the motivation for creating this
> document now is, but as I said it is "mostly harmless".

The direct motivation was the proposal for a new haptic top level type. 
Our AD was suggesting we needed better criteria. It's also in the WG 
charter. There's also a long-term goal of re-issuing RFC 6838 with this 
material integrated. But that's long-term, so no guarantees :-(.

Regards,   Martin.


> It says under security considerations that it's up to the new type
> specification to say what the security implications are for that type,
> which seems about right to me.
> 
> Radia
>