[secdir] Secdir review of draft-ietf-oauth-urn-sub-ns-05
Tero Kivinen <kivinen@iki.fi> Fri, 06 July 2012 23:01 UTC
Return-Path: <kivinen@iki.fi>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28C6811E8093; Fri, 6 Jul 2012 16:01:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yG-weOqU8mBF; Fri, 6 Jul 2012 16:01:20 -0700 (PDT)
Received: from mail.kivinen.iki.fi (fireball.kivinen.iki.fi [IPv6:2001:1bc8:100d::2]) by ietfa.amsl.com (Postfix) with ESMTP id 3174611E80AA; Fri, 6 Jul 2012 16:01:19 -0700 (PDT)
Received: from fireball.kivinen.iki.fi (localhost [127.0.0.1]) by mail.kivinen.iki.fi (8.14.5/8.14.5) with ESMTP id q66N1VI5024675 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sat, 7 Jul 2012 02:01:31 +0300 (EEST)
Received: (from kivinen@localhost) by fireball.kivinen.iki.fi (8.14.5/8.12.11) id q66N1UdQ016648; Sat, 7 Jul 2012 02:01:30 +0300 (EEST)
X-Authentication-Warning: fireball.kivinen.iki.fi: kivinen set sender to kivinen@iki.fi using -f
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-ID: <20471.28234.114292.730341@fireball.kivinen.iki.fi>
Date: Sat, 07 Jul 2012 02:01:30 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-oauth-urn-sub-ns.all@tools.ietf.org
X-Mailer: VM 7.19 under Emacs 21.4.1
X-Edit-Time: 12 min
X-Total-Time: 11 min
Subject: [secdir] Secdir review of draft-ietf-oauth-urn-sub-ns-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2012 23:01:21 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document creates a new URN subregistry for oauth use. The security considerations section points out that there is no new security considerations in this document that are not already inherernt to using URNs and points to RFC2141 for more information. On the other hand RFC2141 is very generic and says that there are security considerations that are outside the scope of that document, and they should be included in the document registering the namespace identifiers. As this again only generates subregistry and not any actual registry values, it might be better to just add similar note than what is in RFC2141, adding pointer to another document which says "there is nothing here", isn't that helpful. -- kivinen@iki.fi
- [secdir] Secdir review of draft-ietf-oauth-urn-su… Tero Kivinen