[secdir] secdir review of draft-presuhn-rfc2482-historic-02.txt

Charlie Kaufman <charliek@microsoft.com> Thu, 15 July 2010 19:40 UTC

From: Charlie Kaufman <charliek@microsoft.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "draft-presuhn-rfc2482-historic.all@tools.ietf.org" <draft-presuhn-rfc2482-historic.all@tools.ietf.org>

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This is an easy one. It proposes reclassifying an Informational RFC to Historic. There are no non-trivial security considerations.

RFC2482 is an informational RFC describing an escape sequence in UTF* character encodings to embed language tags. While the history of the feature is not clearly stated in the document, it appears that this was an up-and-coming feature in the ISO10646 / UNICODE world at the time RFC2482 was submitted, but that it since has fallen on hard times and now the UNICODE Consortium strongly recommends against its use. The original proposal had no security considerations, and this document notes correctly that not using the feature can only improve security. The authors of the new document include the authors of the old, so this is unlikely to be some sort of turf war.

Other notes:

RFC2482 said:

   This document has been accepted by ISO/IEC JTC1/SC2/WG2 in meeting
   #34 to be submitted as a recommendation from WG2 for inclusion in
   Plane 14 in part 2 of ISO/IEC 10646.

It would be good to note whether WG2 ever accepted the proposal and whether either ISO/IEC JTC1/SC2/WG2 or WG2 have officially deprecated it to reassure the reader that there is no controversy over its status in those communities.