[secdir] Secdir last call review of draft-kille-ldap-xmpp-schema-02

Yoav Nir <ynir.ietf@gmail.com> Fri, 08 September 2017 21:25 UTC

Reviewer: Yoav Nir
Review result: Has Nits

The document defines a couple of OIDs for associating a Jabber ID with an LDAP
object.  As such, it is very short and straightforward. I'm not too happy with
the Security Considerations section, which I'll quote here in its entirety:

"This schema enables publishing for XMPP JIDs, and care should be taken to
ensure that this information is not accessed inappropriately."

This is rather generic, and it's true for any piece of information stored
anywhere.  If that is all there is to say, the section might as well read "This
document only registers OIDs and has no special security considerations."

However, I think there is a point that may need to be mentioned. Using this
extension links a JID, which is a personal identifier that often appears on the
public Internet (much like an email address), to an LDAP object, which is
usually limited to an organization, usually the employer of that person. This
linkability only exists for people who have access to the LDAP server, so it's
just that users have to take the same care with JIDs that they do with email
addresses - if you don't want your XMPP messages linked to your employer, or
linked to you by your employer, it is better to use a private JID that is not
linked to your employer's LDAP.

This advice to users may be out of scope, but I would like to see a mention
that JIDs are generally public and pseudonymous, and this links them to a real
person within an LDAP domain.