Re: [secdir] secdir review of draft-ietf-jcardcal-jcal-09
"Klaas Wierenga (kwiereng)" <kwiereng@cisco.com> Fri, 21 March 2014 07:39 UTC
From: "Klaas Wierenga (kwiereng)" <kwiereng@cisco.com>
To: Philipp Kewisch <kewisch@gmail.com>
Date: Fri, 21 Mar 2014 07:39:46 +0000
Message-ID: <A11D43D3-00D1-44DF-814A-31F7B56DB7AF@cisco.com>
References: <894C08E3-0017-4830-9C8F-930CCEB5B2E2@cisco.com>, <532B727A.9060500@gmail.com>
In-Reply-To: <532B727A.9060500@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/Qib1F8LC-vZaUo7h3anVBH7XKAA
Cc: "draft-ietf-jcardcal-jcal.all@tools.ietf.org" <draft-ietf-jcardcal-jcal.all@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-jcardcal-jcal-09
Hi Philipp,

Looks good to me!

Klaas

Sent from my iPhone

> On 20 Mar 2014, at 23:58, "Philipp Kewisch" <kewisch@gmail.com> wrote:
>
> Hi Klaas,
>
> thank you for your corrections. Here is my feedback:
>
>> - Paragraph 3 (converting from iCal to jCal):
>>
>> The text looks very much like production rules, why not give ABNF? (Ah wait, now that I have read the full document I see that it appears in Appendix B, I think you should at least point to Appendix B here)
>
> The ABNF is considered informative, I was told for jCard that not too much weight should be put into it. Nevertheless, I am happy to mention it if you like. How is this for the introduction to section 3?
>
> OLD
> This section describes how iCalendar data is converted to jCal using
> a simple mapping between the iCalendar data model and JSON elements.
> NEW
> This section describes how iCalendar data is converted to jCal using
> a simple mapping between the iCalendar data model and JSON elements.
> Aside from the formal description in this section, an informative ABNF is
> specified in Appendix B.
> END
>
>> - Paragraph 3.4 and onwards
>>
>> It is unclear to me when you write for example "Each individual iCalendar property is represented in jCal by …" whether you really mean to write: "Each individual iCalendar property MUST be represented in jCal by…."
>> I assume you want to be normative in specifying the format?
>
> Thanks, I've changed it (almost) as you suggested.
>
> OLD
> Each individual iCalendar property is represented in jCal by an array
> with three fixed elements, followed by one or more additional
> elements, depending on if the property is a multi-value property as
> described in Section 3.1.2 of [RFC5545].
> NEW
> In jCal, each individual iCalendar property MUST be represented by an
> array with three fixed elements, followed by one or more additional
> elements, depending on if the property is a multi-value property as
> described in Section 3.1.2 of [RFC5545].
> END
>
>> - Paragraph 9.2 should RFC4627 not be a normative rather than informative reference?
>
> Yes, indeed. I've changed this and also updated references to rfc7159. While doing this I noticed that we referenced a regex that was in rfc4627 but no longer in rfc7159. I've made some changes:
>
> OLD
> With this in mind, a parser for JSON data should be used for jCal
> that is aware of the security implications. For example, the use of
> JavaScript's eval() function is only allowed using the regular
> expression in Section 6 of [RFC4627]. A native parser with full
> awareness of the JSON format should be preferred.
> NEW
> With this in mind, a parser for JSON data should be used for jCal that
> is aware of the security implications. For example, the use of
> JavaScript's eval() function is considered an unacceptable security
> risk, as described in [RFC7159], Section 12. A native parser with full
> awareness of the JSON format should be preferred.
> END
>
> Regards,
> Philipp
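The two text changes discussed above (the property-array shape in section 3.4 and the eval() warning in the security considerations) can be shown together in code. The following JavaScript is an added example written for this archive page; it is not part of the draft, the thread, or any jCal implementation. It parses a jCal document with the native JSON parser, checks that every property is an array of three fixed elements plus at least one value, and contrasts that with what eval() does on a crafted non-JSON input. The sample calendar and the hostile string are constructed for the example; the lower-case requirement on property and type names, and the component layout [name, properties, components], are assumptions taken from the jCal draft as the reviewer understood it rather than quoted from the thread.

```javascript
// Added example (not from the draft or this thread): load jCal safely.
// Assumed layout: property = [name, params, type, value, ...] with at
// least one value; component = [name, [properties], [components]].
// Lower-case names are assumed from the jCal draft, not from the thread.

const VALID_NAME = /^[a-z0-9-]+$/;

// The native parser never executes anything; it throws a SyntaxError on
// input that is not JSON (this is the draft's "native parser" advice).
function parseJCal(text) {
  return JSON.parse(text);
}

// One jCal property: three fixed elements followed by one or more values.
function validateProperty(prop) {
  if (!Array.isArray(prop) || prop.length < 4) {
    throw new Error('property must be [name, params, type, value, ...]');
  }
  const [name, params, type] = prop;
  if (typeof name !== 'string' || !VALID_NAME.test(name)) {
    throw new Error('invalid property name: ' + String(name));
  }
  if (params === null || typeof params !== 'object' || Array.isArray(params)) {
    throw new Error('parameters of ' + name + ' must be a JSON object');
  }
  if (typeof type !== 'string' || !VALID_NAME.test(type)) {
    throw new Error('invalid value type for ' + name);
  }
  return { name, params, type, values: prop.slice(3) };
}

// One jCal component: name, property list, nested component list.
function validateComponent(comp) {
  if (!Array.isArray(comp) || comp.length !== 3) {
    throw new Error('component must be [name, properties, components]');
  }
  const [name, props, subs] = comp;
  if (typeof name !== 'string' || !VALID_NAME.test(name)) {
    throw new Error('invalid component name: ' + String(name));
  }
  if (!Array.isArray(props) || !Array.isArray(subs)) {
    throw new Error('properties and components of ' + name + ' must be arrays');
  }
  return {
    name,
    properties: props.map(validateProperty),
    components: subs.map(validateComponent),
  };
}

// Parse, then validate structure before any calendar logic touches it.
function loadJCal(text) {
  return validateComponent(parseJCal(text));
}

// Returns true when validateProperty rejects the given value.
function propertyRejected(prop) {
  try { validateProperty(prop); return false; } catch (e) { return true; }
}

// Constructed sample: a calendar with one event.
const SAMPLE = JSON.stringify([
  'vcalendar',
  [['version', {}, 'text', '2.0'],
   ['prodid', {}, 'text', '-//Example//jCal//EN']],
  [['vevent',
    [['summary', {}, 'text', 'Design review'],
     ['dtstart', { tzid: 'Europe/Amsterdam' }, 'date-time', '2014-03-21T09:00:00']],
    []]],
]);

// Constructed hostile input: valid JavaScript, not JSON. A parser built on
// eval() runs the function body; JSON.parse refuses the text outright.
const sink = { pwned: false };
const HOSTILE = '(function () { sink.pwned = true; return ["vcalendar", [], []]; })()';

function evalExecutesCode(text) {
  sink.pwned = false;
  eval(text); // direct eval: sees and mutates the local `sink`
  return sink.pwned;
}

function nativeParserRejects(text) {
  try { JSON.parse(text); return false; } catch (e) { return e instanceof SyntaxError; }
}
```

Running loadJCal(SAMPLE) yields a tree of validated properties; evalExecutesCode(HOSTILE) shows the side effect an eval()-based parser would permit, while nativeParserRejects(HOSTILE) shows JSON.parse refusing the same input.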