[secdir] review of draft-weiler-rsync-uri-01

David McGrew <mcgrew@cisco.com> Thu, 29 October 2009 16:55 UTC

From: David McGrew <mcgrew@cisco.com>
To: secdir@ietf.org, IESG <iesg@ietf.org>, weiler@tislabs.com, Russ Housley <housley@vigilsec.com>, David Ward <dward@cisco.com>
Date: Thu, 29 Oct 2009 09:51:39 -0700

I have reviewed this document as part of the security directorate's  
ongoing effort to review all IETF documents being processed by the  
IESG. These comments were written primarily for the benefit of the  
security area directors. Document editors and WG chairs should treat  
these comments just like any other last call comments.

The draft defines a URI for rsync, and it refers the reader to the  
detailed security considerations of RFC 3986 (Uniform Resource  
Identifier (URI): Generic Syntax), after pointing out that some of  
those considerations do not apply. This appears to cover the
security issues.

David