Re: [secdir] secdir review of draft-ietf-calext-extensions-03

"Xialiang (Frank)" <> Thu, 23 June 2016 02:36 UTC

From: "Xialiang (Frank)" <>
To: Cyrus Daboo <>
Thread-Topic: secdir review of draft-ietf-calext-extensions-03
Date: Thu, 23 Jun 2016 02:35:53 +0000
References: <> <0590CB0E84F8E00754D99FE2@cyrus.local>
In-Reply-To: <0590CB0E84F8E00754D99FE2@cyrus.local>
Subject: Re: [secdir] secdir review of draft-ietf-calext-extensions-03

Great, thank you.

From: Cyrus Daboo []
Sent: June 23, 2016 1:07
To: Xialiang (Frank); ''; '';
Subject: Re: secdir review of draft-ietf-calext-extensions-03

Hi Xialiang,
Thank you for your review. Fixes described below have been made to my working copy and will be included in the next published draft.

--On June 22, 2016 at 1:39:06 AM +0000 "Xialiang (Frank)" 
<> wrote:

> Below is a series of my comments and nits for your consideration.
> comments:
> section 7
> 1. This section covers the possible new threats brought by new 
> properties and parameters, but does not mention how to mitigate them explicitly.
> Could you consider this point?

I've added some additional text to my working copy to cover that.

> 2. The "Security Considerations" section of [RFC5545] describes the 
> general security issues and their corresponding relation with the 
> transport protocol. It's clear and comprehensive. As the extension 
> draft to the iCalendar object specification, it's a good practice to 
> mention that the security considerations in [RFC5545] continue to 
> apply in this document.

I have added the following text as the last paragraph of Security Considerations:

    Security considerations in [RFC5545], and [RFC5546] MUST also be
    adhered to.

I have also added a Privacy Considerations section with similar text.

Also, on further review there were a couple of additional items I felt needed to be added to these sections, in particular text about short REFRESH-INTERVALs being used to trigger denial-of-service attacks.

> section 5.2--5.6
> These sections specify the extensive properties, and don't follow the 
> template in [RFC5545]. Would it be better to have some text for each 
> extensive property to point out its original specification in 
> [RFC5545] for easy understanding?

OK. I have added text in each of those sections providing a reference back to the section in RFC5545 where the original definitions reside.

> section 5.11
> The new property -- conference -- is missing from the previous iCalendar 
> components' definition in section 4;
> nits:
> Section 8.1
> The section number of [RFC5545] referenced here is wrong; it should be 
> modified from 8.2.3 to 8.3.2;
> Section 8.2
> The section number of [RFC5545] referenced here is wrong; it should be 
> modified from 8.2.4 to 8.3.3;
Cyrus Daboo
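As an added example that is not part of this thread or of the draft, the following shows the defensive side of the REFRESH-INTERVAL point raised above: a subscribing client clamps the interval a published calendar advertises to a policy floor, and treats a missing, malformed, zero or negative duration as a request for the default schedule rather than an aggressive one. It assumes the property is carried as an RFC 5545 DURATION value (REFRESH-INTERVAL;VALUE=DURATION:...); the one-hour floor and one-week default are assumed policy values, and the sample stream is constructed.

```python
import re
from datetime import timedelta

# Constructed sample: a subscribed calendar advertising an abusive 1-second interval.
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR",
    "VERSION:2.0",
    "PRODID:-//example//demo//EN",
    "REFRESH-INTERVAL;VALUE=DURATION:PT1S",
    "END:VCALENDAR",
])

MIN_REFRESH = timedelta(hours=1)     # policy floor (assumed value, not from the draft)
DEFAULT_REFRESH = timedelta(days=7)  # used when the property is absent or malformed

# RFC 5545 dur-value: optional sign, "P", then weeks OR days and/or a time part.
_DUR_RE = re.compile(
    r"^(?P<sign>[+-])?P(?:(?P<weeks>\d+)W|(?:(?P<days>\d+)D)?"
    r"(?:T(?:(?P<hours>\d+)H)?(?:(?P<minutes>\d+)M)?(?:(?P<seconds>\d+)S)?)?)$"
)


def parse_duration(text):
    """Parse an RFC 5545 DURATION; return None on bad syntax or an empty value."""
    m = _DUR_RE.match(text.strip())
    if not m:
        return None
    parts = {k: int(v) for k, v in m.groupdict().items() if v and k != "sign"}
    if not parts:
        return None  # bare "P" or "PT" carries no duration
    delta = timedelta(**parts)
    return -delta if m.group("sign") == "-" else delta


def refresh_interval(ics):
    """Return the REFRESH-INTERVAL of an iCalendar stream, clamped to MIN_REFRESH."""
    # Missing, malformed, zero or negative intervals fall back to DEFAULT_REFRESH,
    # so a hostile or buggy publisher cannot force an aggressive poll schedule.
    unfolded = re.sub(r"\r?\n[ \t]", "", ics)  # undo RFC 5545 line folding
    for line in unfolded.splitlines():
        name, _, value = line.partition(":")
        fields = name.upper().split(";")
        if fields[0] != "REFRESH-INTERVAL":
            continue
        if "VALUE=DURATION" not in fields[1:]:
            return DEFAULT_REFRESH  # only the DURATION form is defined
        d = parse_duration(value)
        if d is None or d <= timedelta(0):
            return DEFAULT_REFRESH
        return max(d, MIN_REFRESH)
    return DEFAULT_REFRESH
```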