[secdir] review of draft-weiler-rsync-uri-01
David McGrew <mcgrew@cisco.com> Thu, 29 October 2009 18:03 UTC
Return-Path: <mcgrew@cisco.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BF50C3A69FE; Thu, 29 Oct 2009 11:03:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.469
X-Spam-Level:
X-Spam-Status: No, score=-6.469 tagged_above=-999 required=5 tests=[AWL=0.130, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f4AL0FSUSNcn; Thu, 29 Oct 2009 11:03:11 -0700 (PDT)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id 0BE3F3A697C; Thu, 29 Oct 2009 11:03:11 -0700 (PDT)
Authentication-Results: sj-iport-6.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-AV: E=Sophos;i="4.44,647,1249257600"; d="scan'208";a="420645471"
Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-6.cisco.com with ESMTP; 29 Oct 2009 18:03:27 +0000
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-5.cisco.com (8.13.8/8.14.3) with ESMTP id n9TI3RUA004751; Thu, 29 Oct 2009 18:03:27 GMT
Received: from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 29 Oct 2009 11:03:27 -0700
Received: from stealth-10-32-254-212.cisco.com ([10.32.254.212]) by xfe-sjc-212.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 29 Oct 2009 11:03:26 -0700
Message-Id: <9E8FAA81-5658-4CA7-A1BD-CC3CF0E3C7E5@cisco.com>
From: David McGrew <mcgrew@cisco.com>
To: secdir@ietf.org, IESG <iesg@ietf.org>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Thu, 29 Oct 2009 11:03:25 -0700
X-Mailer: Apple Mail (2.936)
X-OriginalArrivalTime: 29 Oct 2009 18:03:26.0791 (UTC) FILETIME=[1D0F1D70:01CA58C2]
Cc: weiler@tislabs.com, David Ward <dward@cisco.com>
Subject: [secdir] review of draft-weiler-rsync-uri-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Oct 2009 18:03:11 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The draft defines a URI for rsync, and it refers the reader to the detailed security considerations of RFC 3986 (Uniform Resource Identifier (URI): Generic Syntax), after pointing out that some of those considerations do not apply. This appears to cover the security issues. David
- [secdir] review of draft-weiler-rsync-uri-01 David McGrew
- [secdir] review of draft-weiler-rsync-uri-01 David McGrew