Re: [secdir] SecDir repeat review of draft-camarillo-rai-media-policy-dataset-02

Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Mon, 09 July 2012 06:30 UTC

Return-Path: <gonzalo.camarillo@ericsson.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D02B21F8794 for <secdir@ietfa.amsl.com>; Sun, 8 Jul 2012 23:30:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.213
X-Spam-Level:
X-Spam-Status: No, score=-106.213 tagged_above=-999 required=5 tests=[AWL=0.036, BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NaGElopyhiB4 for <secdir@ietfa.amsl.com>; Sun, 8 Jul 2012 23:30:44 -0700 (PDT)
Received: from mailgw2.ericsson.se (mailgw2.ericsson.se [193.180.251.37]) by ietfa.amsl.com (Postfix) with ESMTP id 32E7221F877D for <secdir@ietf.org>; Sun, 8 Jul 2012 23:30:44 -0700 (PDT)
X-AuditID: c1b4fb25-b7fc16d000005db2-86-4ffa7aa842bc
Received: from esessmw0191.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw2.ericsson.se (Symantec Mail Security) with SMTP id 0E.37.23986.8AA7AFF4; Mon, 9 Jul 2012 08:31:05 +0200 (CEST)
Received: from [131.160.36.42] (153.88.115.8) by esessmw0191.eemea.ericsson.se (153.88.115.85) with Microsoft SMTP Server id 8.3.264.0; Mon, 9 Jul 2012 08:31:04 +0200
Message-ID: <4FFA7AA8.4040602@ericsson.com>
Date: Mon, 9 Jul 2012 09:31:04 +0300
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Yaron Sheffer <yaronf.ietf@gmail.com>
References: <4FF9EFA7.7070904@gmail.com>
In-Reply-To: <4FF9EFA7.7070904@gmail.com>
X-Enigmail-Version: 1.4.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrGLMWRmVeSWpSXmKPExsUyM+Jvre7Kql/+BofmMFvcfjWLzeLDwocs Fqvuz2B3YPbYOesuu8eSJT+ZPL5c/swWwBzFZZOSmpNZllqkb5fAlbGr7wlzwT3uiom3vzA3 MG7j7GLk5JAQMJE4O/czC4QtJnHh3nq2LkYuDiGBU4wS3x9tYIRwVjFKnFjXzw5SxSugLbHi 2UfmLkYODhYBFYlDm4pBwmwCFhJbbt0HGyQqECwxr/smC0S5oMTJmU9YQMpFBDQlph21AhnJ LLCcUeLsuV1gI4UFAiTe7jvLCGILCWhIrHzVwgpicwLVf53Xzg5xnKTEvfbVbCA2s4CexJSr LYwQtrzE9rdzmCF6tSWWP2thmcAoNAvJ6llIWmYhaVnAyLyKUTg3MTMnvdxIL7UoM7m4OD9P rzh1EyMwrA9u+a26g/HOOZFDjNIcLErivNZb9/gLCaQnlqRmp6YWpBbFF5XmpBYfYmTi4JRq YGRRvHR0ycqaVxyXVjluPeHz4L3gvySnIKfSQ895Dv7IuVygMa3jbLvsyrMWD9ekvn3yT0fM 4/ueuAJJM173hB/6B0/4PTotUbvDlpl5o2CqINdle1fpW/MPeV+dkDa/8IigU4NM8PKmwwL9 r9aprdtvxX30kbRuz/W93/IyvZR2XOL+zPjH8rsSS3FGoqEWc1FxIgC02NDgOQIAAA==
Cc: "draft-camarillo-rai-media-policy-dataset.all@tools.ietf.org" <draft-camarillo-rai-media-policy-dataset.all@tools.ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] SecDir repeat review of draft-camarillo-rai-media-policy-dataset-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jul 2012 06:30:45 -0000

Hi Yaron,

thanks for your email. With respect to your last comment, note that it
applies to different document (draft-ietf-sipping-policy-package-08). I
will make the change you propose in AUTH48, it is in my notes for that
draft. Yes, it has taken a while to finish this set of documents but as
soon as the draft you reviewed is approved (media-policy), the whole set
will be approved.

Cheers,

Gonzalo

On 08/07/2012 11:37 PM, Yaron Sheffer wrote:
> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.
> 
> This is a repeat review of the document, which I reviewed in its previous version.
> 
> The only semi-significant comment I had was addressed in -02.
> 
> To answer Gonzalo's question of a few days ago: I have looked at it again and I now think the XInclude reference is not warranted here.
> 
> I would like to remind Gonzalo to change the following text into normative language, when it comes time for the AUTH48 review: "Thus, the user agent should not insert such sensitive information in a session information document that it sends to the policy server." Though given the history of this document (IESG comments from 2008) I will not be holding my breath.
> 
> Thanks,
> 	Yaron
>