[secdir] Secdir review of draft-ietf-mediaman-toplevel-03
Radia Perlman <radiaperlman@gmail.com> Thu, 12 October 2023 20:22 UTC
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-mediaman-toplevel.all@ietf.org

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

I would classify this document as "no issues".

In the list of MIME types (which we're now supposed to call "Media Types" to reflect the fact that they are not just for email anymore), there are hierarchical names for the various types including things like "application/pkix-cert" or "image/bmp". There are thousands of IANA registered types like this under a handful of top level types:

application/
audio/
font/
image/
message/
model/
multipart/
text/
video/

This document describes under what circumstances one would want to create a new top level media type (as opposed to a new subtype under one of the existing types). This document does not make it unambiguous as to what the best approach is, and there is already a description in RFC 6838 which seems adequate to me. It's not clear what the motivation for creating this document now is, but as I said it is "mostly harmless".

It says under security considerations that it's up to the new type specification to say what the security implications are for that type, which seems about right to me.

Radia