[secdir] Review of draft-ietf-xcon-common-data-model-27.txt
Tero Kivinen <kivinen@iki.fi> Fri, 27 May 2011 12:08 UTC
From: Tero Kivinen <kivinen@iki.fi>
To: iesg@ietf.org, secdir@ietf.org
Cc: draft-ietf-xcon-common-data-model.all@tools.ietf.org

This is a re-review of the draft I already reviewed on 2011-03-03. The
current draft contains some small changes made since then, but I do not
think it solves the issues I raised in my previous review:

1) Confidentiality is not mandatory even in the cases where the
   database contains sensitive elements (passwords); it is only a
   SHOULD.

2) The privacy issues are not covered enough. The current version added
   a specific pointer to section 11.2 of RFC5239, but that only covers
   one very small privacy issue, i.e. anonymous access. It does not
   cover gathering sensitive privacy information in the database, i.e.
   who participated in which conferences and with whom.

My previous review can be found at
http://www.ietf.org/mail-archive/web/secdir/current/msg02482.html
--
kivinen@iki.fi