Re: [secdir] secdir review of draft-ietf-calext-extensions-03

"Xialiang (Frank)" <frank.xialiang@huawei.com> Thu, 23 June 2016 02:36 UTC

From: "Xialiang (Frank)" <frank.xialiang@huawei.com>
To: Cyrus Daboo <cyrus@daboo.name>
Thread-Topic: secdir review of draft-ietf-calext-extensions-03
Date: Thu, 23 Jun 2016 02:35:53 +0000
Message-ID: <C02846B1344F344EB4FAA6FA7AF481F12AF5D344@SZXEMA502-MBS.china.huawei.com>
References: <C02846B1344F344EB4FAA6FA7AF481F12AF5D0BA@SZXEMA502-MBS.china.huawei.com> <0590CB0E84F8E00754D99FE2@cyrus.local>
In-Reply-To: <0590CB0E84F8E00754D99FE2@cyrus.local>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/IXgXblqHes4Eup4KHr1temtqcv0>
Cc: "draft-ietf-calext-extensions.all@tools.ietf.org" <draft-ietf-calext-extensions.all@tools.ietf.org>, "'iesg@ietf.org'" <iesg@ietf.org>, "'secdir@ietf.org'" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-calext-extensions-03

Great, thank you.

-----Original Message-----
From: Cyrus Daboo [mailto:cyrus@daboo.name]
Sent: June 23, 2016 1:07
To: Xialiang (Frank); 'iesg@ietf.org'; 'secdir@ietf.org'; draft-ietf-calext-extensions.all@tools.ietf.org
Subject: Re: secdir review of draft-ietf-calext-extensions-03

Hi Xialiang,
Thank you for your review. Fixes described below have been made to my working copy and will be included in the next published draft.

--On June 22, 2016 at 1:39:06 AM +0000 "Xialiang (Frank)" 
<frank.xialiang@huawei.com> wrote:

> Below is a series of my comments, nits for your consideration.
>
> comments:
> section 7
> 1. This section covers the possible new threats brought by new 
> properties and parameters, but does not mention how to mitigate them explicitly.
> Could you consider this point?

I've added some additional text to my working copy to cover that.

> 2. The "Security Considerations" section of [RFC5545] describes the 
> general security issues and its corresponding relation with the 
> transport protocol. It's clear and comprehensive. As the extension 
> draft to the iCalendar object specification, it's a good practice to 
> mention that the security considerations in [RFC5545] continue to 
> apply in this document.

I have added the following text as the last paragraph of Security
Considerations:

    Security considerations in [RFC5545], and [RFC5546] MUST also be
    adhered to.

I have also added a Privacy Considerations section with similar text.

Also, on further review there were a couple of additional items I felt needed to be added to these sections. In particular, text about short REFRESH-INTERVALs being used to trigger denial of service attacks.

> section 5.2--5.6
> These sections specify the extensive properties, and don't follow the 
> template in [RFC5545]. Would it be better to have some text for each 
> extensive property to point out its original specification in 
> [RFC5545] for easy understanding?

OK. I have added text in each of those sections providing a reference back to the section in RFC5545 where the original definitions reside.

> section 5.11
> The new property -- conference, is missing from the previous iCalendar 
> components' definition in section 4;

Fixed.

> nits:
> Section 8.1
> The section number of [RFC5545] referenced here is wrong; it should be 
> modified from 8.2.3 to 8.3.2;
>
> Section 8.2
> The section number of [RFC5545] referenced here is wrong; it should be 
> modified from 8.2.4 to 8.3.3;

Fixed.

--
Cyrus Daboo
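The denial-of-service concern Cyrus raises above (a client obeying an arbitrarily short REFRESH-INTERVAL and hammering the SOURCE URL) can be handled on the client side. The following is an added example, not code from the thread or from the draft: it parses the property's RFC 5545 DURATION value and clamps it to a floor before scheduling a refresh. The one-hour floor and the two sample calendars are assumptions constructed for the example.

```python
import re
from datetime import timedelta

# Constructed sample calendars (not taken from the draft or the thread).
SAMPLE_ICS = "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nPRODID:-//example//refresh//EN\r\n" \
             "REFRESH-INTERVAL;VALUE=DURATION:P1W\r\n" \
             "SOURCE;VALUE=URI:https://example.invalid/cal.ics\r\nEND:VCALENDAR\r\n"
ABUSIVE_ICS = SAMPLE_ICS.replace(":P1W", ":PT1S")   # would re-fetch SOURCE every second

# Assumed client-side floor; the draft leaves the concrete value to implementers.
MIN_REFRESH = timedelta(hours=1)

# RFC 5545 DURATION: [+|-]P(nW | [nD][T[nH][nM][nS]]); slightly more lenient than
# the strict ABNF (which nests H>M>S), but rejects empty and mixed week/day forms.
_DUR_RE = re.compile(
    r"^([+-]?)P(?:(\d+)W|(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?)$")


def parse_duration(value):
    """Parse an RFC 5545 DURATION string into a (possibly negative) timedelta."""
    m = _DUR_RE.match(value)
    if not m:
        raise ValueError("not an RFC 5545 DURATION: %r" % value)
    sign, weeks, days, hours, minutes, seconds = m.groups()
    parts = (weeks, days, hours, minutes, seconds)
    if not any(parts) or ("T" in value and not any(parts[2:])):
        raise ValueError("DURATION has no components: %r" % value)
    td = timedelta(weeks=int(weeks or 0), days=int(days or 0), hours=int(hours or 0),
                   minutes=int(minutes or 0), seconds=int(seconds or 0))
    return -td if sign == "-" else td


def refresh_interval(ics_text):
    """Return the refresh period the client will actually use (never below
    MIN_REFRESH), or None when the calendar carries no REFRESH-INTERVAL."""
    # Unfold RFC 5545 content lines (line break followed by a space or tab).
    unfolded = ics_text.replace("\r\n", "\n").replace("\n ", "").replace("\n\t", "")
    for line in unfolded.split("\n"):
        head, sep, value = line.partition(":")
        if not sep:
            continue
        name, *params = head.split(";")
        if name.upper() != "REFRESH-INTERVAL":
            continue
        if "VALUE=DURATION" not in [p.upper() for p in params]:
            raise ValueError("REFRESH-INTERVAL requires VALUE=DURATION")
        period = parse_duration(value.strip())
        if period <= timedelta(0):
            raise ValueError("REFRESH-INTERVAL must be a positive duration")
        return max(period, MIN_REFRESH)   # clamp: the publisher cannot force a tight loop
    return None
```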