[secdir] Secdir review of draft-ietf-httpapi-link-template-02

Radia Perlman <radiaperlman@gmail.com> Wed, 24 May 2023 01:46 UTC

From: Radia Perlman <radiaperlman@gmail.com>
Date: Tue, 23 May 2023 18:46:34 -0700
Message-ID: <CAFOuuo7OSo-uxR=qys9mYiOp71P883z2mRs9GPwPN6aWy+Z4ew@mail.gmail.com>
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-httpapi-link-template.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/FUUh42tgerLLgjQ5Bl5US8SakcQ>
Subject: [secdir] Secdir review of draft-ietf-httpapi-link-template-02

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.


This document defines a new HTTP header field, the "Link-Template".


I don't think this new field creates new security issues.


Radia