[secdir] secdir review of draft-ietf-calext-availability-03
"Dan Harkins" <dharkins@lounge.org> Mon, 11 July 2016 22:24 UTC
Date: Mon, 11 Jul 2016 15:24:57 -0700
From: Dan Harkins <dharkins@lounge.org>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-calext-availability.all@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/XNMK3KKNQthQOdG6-xxO2Cs_SPQ>

Greetings,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft specifies a way to use iCalendar to publish time periods
of a person's availability and unavailability. For the record, I am
not knowledgeable of namespace requirements on the components described
in this draft so I'm just assuming that stuff is OK.

I believe this draft is "Ready with issues". Those issues are:

- the steps to calculate free-busy time (section 5) have a for loop
  that goes from the lowest priority entry to the highest priority
  entry. But the 2nd step says, "Determine if the 'VAVAILABILITY'
  is completely overridden by a higher priority component. If so
  ignore it." How can a higher priority component already hold that
  time if we're looping from lower priority to higher priority?
  This step seems superfluous or there's some assumption on the
  state of the calendar prior to the loop that I'm not getting.
  Please fix this or point me to the text that I missed.

- I am very happy to see Privacy Considerations because that was the
  thing that jumped out at me when I started reading. But there are
  normative requirements in the Privacy Considerations and I feel
  those would be better placed in the appropriate sections of the
  draft that deal with that behavior. It is my feeling that Privacy
  Considerations (and Security Considerations) should consider the
  effects of the normative action described above them and not
  indicate additional normative requirements.

Other than that, publish away!

regards,

Dan.