[secdir] secdir review of draft-zhu-mobileme-doc-04

Barry Leiba <barryleiba@computer.org> Fri, 25 February 2011 20:19 UTC

Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 034C43A6A26; Fri, 25 Feb 2011 12:19:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.863
X-Spam-Status: No, score=-102.863 tagged_above=-999 required=5 tests=[AWL=0.114, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id eWjRPtr0Nonx; Fri, 25 Feb 2011 12:19:03 -0800 (PST)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com []) by core3.amsl.com (Postfix) with ESMTP id 28E773A6A0E; Fri, 25 Feb 2011 12:19:03 -0800 (PST)
Received: by iwl42 with SMTP id 42so1577556iwl.31 for <multiple recipients>; Fri, 25 Feb 2011 12:19:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:date:x-google-sender-auth :message-id:subject:from:to:cc:content-type; bh=D+AAbWMolHRqa2NnZxRejnLLeJ58assWbYSbIQM9UIo=; b=fY7yODrkCnTrC2C6TirRTFJxc9sTVr9esfnoarTwiP19kKaEByygmkLfcXONEe3iQs D1NkzC3TfU8P1vkBxTLcgCoNRxJsCGvQAfAgTEZUzYZst3WvNidFNW97HTRzd7EQg10D edj9mFfhzf8j6tmf5qluCer3Sv63+16FrRnxQ=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:cc:content-type; b=lEcCy4KmQAwF0Uh7Op0ZW2r8N32RZ4nNs3VuTByfCw1C0M8Z2tXKFt7mM5+5lifO6X kSsxEt1Rv/lArB4txLmNO+xmgI+mnLM60cOqH/RWjtryPTJRAD1pmiIWjubhKI4Yq2wX T6Dx12yjzLtiVQI7oPkMgaL6iCULDq2kRGHlU=
MIME-Version: 1.0
Received: by with SMTP id xb6mr1243876icb.387.1298665196283; Fri, 25 Feb 2011 12:19:56 -0800 (PST)
Sender: barryleiba.mailing.lists@gmail.com
Received: by with HTTP; Fri, 25 Feb 2011 12:19:56 -0800 (PST)
Date: Fri, 25 Feb 2011 15:19:56 -0500
X-Google-Sender-Auth: yBLCRHfHVvut-okq5G8zkymEPsY
Message-ID: <AANLkTinc32PopqmcNn5WpXZJ6OD4v91_0_8b-z+Ckc2x@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: secdir@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Cc: draft-zhu-mobileme-doc.all@tools.ietf.org, iesg@ietf.org
Subject: [secdir] secdir review of draft-zhu-mobileme-doc-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Feb 2011 20:19:04 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This is informational, and documents a system in use (and quite
successfully so) by Apple.  It's a well-written description that
appears to be thorough, and I have to trust that it's accurate and
complete (it seems to be).  Because it's documenting what's already
there, it wouldn't be appropriate to look to change things, in
general, except to ask for clarifications -- and there's nothing I
think I want clarified.  And for what it's worth, the security aspects
of the BTMM service look quite solid.

It's ready to publish.