[secdir] SecDir review of draft-ietf-appsawg-about-uri-scheme
Warren Kumari <warren@kumari.net> Tue, 01 May 2012 21:03 UTC
Return-Path: <warren@kumari.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ACDA621E80F6; Tue, 1 May 2012 14:03:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.544
X-Spam-Level:
X-Spam-Status: No, score=-106.544 tagged_above=-999 required=5 tests=[AWL=0.055, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dw2solkldeGz; Tue, 1 May 2012 14:03:31 -0700 (PDT)
Received: from vimes.kumari.net (vimes.kumari.net [198.186.192.250]) by ietfa.amsl.com (Postfix) with ESMTP id 3A43B21E8053; Tue, 1 May 2012 14:03:31 -0700 (PDT)
Received: from dhcp-172-19-119-246.cbf.corp.google.com (unknown [64.13.52.115]) by vimes.kumari.net (Postfix) with ESMTPSA id 7CFCF1B40098; Tue, 1 May 2012 17:03:30 -0400 (EDT)
From: Warren Kumari <warren@kumari.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 01 May 2012 17:03:28 -0400
Message-Id: <B85D2730-FB02-4AF6-9C32-FBB0F7509670@kumari.net>
To: draft-ietf-appsawg-about-uri-scheme.all@tools.ietf.org
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
Cc: IESG IESG <iesg@ietf.org>, secdir@ietf.org
Subject: [secdir] SecDir review of draft-ietf-appsawg-about-uri-scheme
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 May 2012 21:03:31 -0000
Hi, Do not be alarmed... I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document codifies an existing mechanism, used by lots of browsers. It creates a registry for specific about:<something> tokens, where the only (currently) defined token is "blank", which, surprisingly enough, brings up a blank page... The "Security Considerations" section exists, and is well written. It punts much of the security to the application -- IMO this is the correct thing to do in this case. W
- [secdir] SecDir review of draft-ietf-appsawg-abou… Warren Kumari