Re: [secdir] secdir review of draft-cdmi-mediatypes

"Krishna Sankar (ksankar)" <ksankar@cisco.com> Fri, 10 December 2010 05:03 UTC

Return-Path: <ksankar@cisco.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7E83F28C13E; Thu, 9 Dec 2010 21:03:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id svTUZvaBmyQo; Thu, 9 Dec 2010 21:03:02 -0800 (PST)
Received: from sj-iport-5.cisco.com (sj-iport-5.cisco.com [171.68.10.87]) by core3.amsl.com (Postfix) with ESMTP id C2A5228C113; Thu, 9 Dec 2010 21:03:02 -0800 (PST)
Authentication-Results: sj-iport-5.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEABZDAU2rR7H+/2dsb2JhbACkAHikPpsdhUoEhGSJL4gK
X-IronPort-AV: E=Sophos;i="4.59,322,1288569600"; d="scan'208";a="300225217"
Received: from sj-core-2.cisco.com ([171.71.177.254]) by sj-iport-5.cisco.com with ESMTP; 10 Dec 2010 05:04:32 +0000
Received: from xbh-sjc-221.amer.cisco.com (xbh-sjc-221.cisco.com [128.107.191.63]) by sj-core-2.cisco.com (8.13.8/8.14.3) with ESMTP id oBA54URO028966; Fri, 10 Dec 2010 05:04:30 GMT
Received: from xmb-sjc-219.amer.cisco.com ([171.70.151.188]) by xbh-sjc-221.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 9 Dec 2010 21:04:30 -0800
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 09 Dec 2010 21:04:52 -0800
Message-ID: <9FA16888AD1BF64ABCE6C2532CCEB98A0C9AFD44@xmb-sjc-219.amer.cisco.com>
In-Reply-To: <ldvlj3y2qdh.fsf@cathode-dark-space.mit.edu>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: secdir review of draft-cdmi-mediatypes
Thread-Index: AcuYJErAFym7wI/xQTSC5q5//DS/TAAA0CQg
References: <ldvlj3y2qdh.fsf@cathode-dark-space.mit.edu>
From: "Krishna Sankar (ksankar)" <ksankar@cisco.com>
To: Tom Yu <tlyu@MIT.EDU>, iesg@ietf.org, secdir@ietf.org, draft-cdmi-mediatypes.all@tools.ietf.org
X-OriginalArrivalTime: 10 Dec 2010 05:04:30.0585 (UTC) FILETIME=[BA3C4690:01CB9827]
X-Mailman-Approved-At: Fri, 10 Dec 2010 08:20:53 -0800
Subject: Re: [secdir] secdir review of draft-cdmi-mediatypes
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Dec 2010 05:03:04 -0000

Tom,
	The security considerations in RFC 4627 pertains to JavaScript
and security pertaining to scripting languages. We are not using
JavaScript in CDMI and so that section is not relevant here.
Cheers
<k/>

-----Original Message-----
From: Tom Yu [mailto:tlyu@MIT.EDU] 
Sent: Thursday, December 09, 2010 8:39 PM
To: iesg@ietf.org; secdir@ietf.org;
draft-cdmi-mediatypes.all@tools.ietf.org
Subject: secdir review of draft-cdmi-mediatypes

This document does not appear to introduce any significant security
concerns of its own.  I suggest that the Security Considerations
section additionally mention the JSON-related security considerations
in RFC 4627.