Re: [secdir] secdir review of draft-cdmi-mediatypes
"Krishna Sankar (ksankar)" <ksankar@cisco.com> Fri, 10 December 2010 05:03 UTC
Return-Path: <ksankar@cisco.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7E83F28C13E; Thu, 9 Dec 2010 21:03:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id svTUZvaBmyQo; Thu, 9 Dec 2010 21:03:02 -0800 (PST)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by core3.amsl.com (Postfix) with ESMTP id C2A5228C113; Thu, 9 Dec 2010 21:03:02 -0800 (PST)
Authentication-Results: sj-iport-5.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEABZDAU2rR7H+/2dsb2JhbACkAHikPpsdhUoEhGSJL4gK
X-IronPort-AV: E=Sophos;i="4.59,322,1288569600"; d="scan'208";a="300225217"
Received: from sj-core-2.cisco.com ([171.71.177.254]) by sj-iport-5.cisco.com with ESMTP; 10 Dec 2010 05:04:32 +0000
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-2.cisco.com (8.13.8/8.14.3) with ESMTP id oBA54URO028966; Fri, 10 Dec 2010 05:04:30 GMT
Received: from xmb-sjc-219.amer.cisco.com ([171.70.151.188]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 9 Dec 2010 21:04:30 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 09 Dec 2010 21:04:52 -0800
Message-ID: <9FA16888AD1BF64ABCE6C2532CCEB98A0C9AFD44@xmb-sjc-219.amer.cisco.com>
In-Reply-To: <ldvlj3y2qdh.fsf@cathode-dark-space.mit.edu>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: secdir review of draft-cdmi-mediatypes
Thread-Index: AcuYJErAFym7wI/xQTSC5q5//DS/TAAA0CQg
References: <ldvlj3y2qdh.fsf@cathode-dark-space.mit.edu>
From: "Krishna Sankar (ksankar)" <ksankar@cisco.com>
To: Tom Yu <tlyu@MIT.EDU>, iesg@ietf.org, secdir@ietf.org, draft-cdmi-mediatypes.all@tools.ietf.org
X-OriginalArrivalTime: 10 Dec 2010 05:04:30.0585 (UTC) FILETIME=[BA3C4690:01CB9827]
X-Mailman-Approved-At: Fri, 10 Dec 2010 08:20:53 -0800
Subject: Re: [secdir] secdir review of draft-cdmi-mediatypes
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Dec 2010 05:03:04 -0000
Tom, The security considerations in RFC 4627 pertains to JavaScript and security pertaining to scripting languages. We are not using JavaScript in CDMI and so that section is not relevant here. Cheers <k/> -----Original Message----- From: Tom Yu [mailto:tlyu@MIT.EDU] Sent: Thursday, December 09, 2010 8:39 PM To: iesg@ietf.org; secdir@ietf.org; draft-cdmi-mediatypes.all@tools.ietf.org Subject: secdir review of draft-cdmi-mediatypes This document does not appear to introduce any significant security concerns of its own. I suggest that the Security Considerations section additionally mention the JSON-related security considerations in RFC 4627.
- [secdir] secdir review of draft-cdmi-mediatypes Tom Yu
- Re: [secdir] secdir review of draft-cdmi-mediatyp… Krishna Sankar (ksankar)
- Re: [secdir] secdir review of draft-cdmi-mediatyp… Tom Yu
- Re: [secdir] secdir review of draft-cdmi-mediatyp… Krishna Sankar (ksankar)