[secdir] review of draft-amundsen-item-and-collection-link-relations
"Dan Harkins" <dharkins@lounge.org> Wed, 28 December 2011 18:13 UTC
Return-Path: <dharkins@lounge.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7675321F8510; Wed, 28 Dec 2011 10:13:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.87
X-Spam-Level:
X-Spam-Status: No, score=-4.87 tagged_above=-999 required=5 tests=[AWL=-0.095, BAYES_05=-1.11, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UXjIyTZT2MlI; Wed, 28 Dec 2011 10:13:33 -0800 (PST)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id 1AA0421F850D; Wed, 28 Dec 2011 10:13:33 -0800 (PST)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id B54221022404A; Wed, 28 Dec 2011 10:13:32 -0800 (PST)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Wed, 28 Dec 2011 10:13:32 -0800 (PST)
Message-ID: <d10b5c44f75d0629b693f92600b3e944.squirrel@www.trepanning.net>
Date: Wed, 28 Dec 2011 10:13:32 -0800
From: Dan Harkins <dharkins@lounge.org>
To: iesg@ietf.org, secdir@ietf.org
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: draft-amundsen-item-and-collection-link-relations.all@tools.ietf.org
Subject: [secdir] review of draft-amundsen-item-and-collection-link-relations
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Dec 2011 18:13:33 -0000
Hello, I have reviewed draft-amundsen-item-and-collection-link-relations as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft adds two new kinds of web links for "item" and "collection" to allow web resources to identify a relationship as part of a collection and, back the other way, for the collection to identify items that comprise it. Web links were defined in RFC 5988 and that document has a nice Security Considerations section. I see no security issues with this draft that would warrant any special mention and the Security Considerations of this draft basically state that. My only nit is to get rid of the passive voice in the Security Considerations, that is: 's/are not believed to/do not/'. regards, Dan.