[secdir] Secdir last call review of draft-wilde-sunset-header-07
Joseph Salowey <joe@salowey.net> Sun, 18 November 2018 23:57 UTC
From: Joseph Salowey <joe@salowey.net>
To: secdir@ietf.org
Cc: draft-wilde-sunset-header.all@ietf.org, iesg@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/WbqGfSw__NIbjol5Qh_pj8LXU_g>
Reviewer: Joseph Salowey
Review result: Has Issues

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document has some minor issues.

Security considerations - in addition to Jari's comment that the lifetime may be sensitive, I have concerns about the linked resource. For example, the link may refer to another site which could compromise privacy or security if the link was followed. The linked resource seems under-defined, which might lead to security issues if implementations make assumptions about the content of the link.
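
The following is an added example, not part of the review or of the draft: a client-side check that parses the `Sunset` header field and any `Link` value with `rel="sunset"`, and only marks a linked resource for automatic retrieval when it is same-origin and HTTPS. The sample headers, the host names, and the `auto-fetch` / `log-only` labels are constructed for illustration.

```python
import re
from email.utils import parsedate_to_datetime
from urllib.parse import urljoin, urlsplit

# Constructed sample data (not taken from the draft or the review).
REQUEST_URL = "https://api.example.com/v1/items"
SAMPLE_HEADERS = {
    "Sunset": "Mon, 31 Dec 2018 23:59:59 GMT",
    "Link": '</docs/sunset>; rel="sunset", '
            '<https://other.example.net/notice>; rel="sunset"; type="text/html", '
            '<https://api.example.com/v2>; rel="successor-version"',
}

# Simplified Link parser: assumes no "," or ";" inside quoted parameter values.
LINK_RE = re.compile(r'<([^>]*)>((?:\s*;\s*[^,;]+)*)')
REL_RE = re.compile(r';\s*rel\s*=\s*"?([^";]+)"?', re.I)

def sunset_links(link_header, base_url):
    """Return absolute targets of Link values whose rel includes 'sunset'."""
    targets = []
    for target, params in LINK_RE.findall(link_header):
        rel = REL_RE.search(params)
        if rel and "sunset" in rel.group(1).lower().split():
            targets.append(urljoin(base_url, target))
    return targets

def origin(url):
    """(scheme, host, port) tuple used for the same-origin comparison."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return scheme, (p.hostname or "").lower(), p.port or {"http": 80, "https": 443}.get(scheme)

def classify(request_url, headers):
    """Parse the sunset time and decide, per link, whether to fetch it unattended."""
    sunset = None
    try:
        sunset = parsedate_to_datetime(headers["Sunset"])
    except (KeyError, TypeError, ValueError):
        pass  # absent or malformed date: treat as "no sunset announced"
    decisions = []
    for url in sunset_links(headers.get("Link", ""), request_url):
        trusted = origin(url) == origin(request_url) and url.lower().startswith("https:")
        # Cross-origin or non-HTTPS targets are recorded for a human, never fetched.
        decisions.append((url, "auto-fetch" if trusted else "log-only"))
    return sunset, decisions

if __name__ == "__main__":
    print(classify(REQUEST_URL, SAMPLE_HEADERS))
```

Even for an `auto-fetch` target, the client makes no assumption about the content type or structure of what comes back, since the review notes that the linked resource is under-defined.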