[secdir] Secdir last call review of draft-wilde-service-link-rel-06
Stefan Santesson <firstname.lastname@example.org> Tue, 20 November 2018 10:42 UTC
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 00B68128CF2; Tue, 20 Nov 2018 02:42:13 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
From: Stefan Santesson <email@example.com>
Cc: firstname.lastname@example.org, email@example.com
Date: Tue, 20 Nov 2018 02:42:12 -0800
Subject: [secdir] Secdir last call review of draft-wilde-service-link-rel-06
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:firstname.lastname@example.org?subject=unsubscribe>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:email@example.com?subject=subscribe>
X-List-Received-Date: Tue, 20 Nov 2018 10:42:13 -0000
Reviewer: Stefan Santesson Review result: Has Issues Even though this document is quite repetitive when describing its fundamental concepts, I still had a problem figuring out whether the link relations defined are applicable to any web resource, or just to "web services" in the context of "service provided to another service". I have no issues with the fundamental concept, but the document lacks security considerations. The content of the section is "..." indicating that something eventually is intended to go here, but has not yet been written. If there are absolutely no security considerations, then the section should say so. I do however think that there are some useful security considerations to document. At least it may be useful to have a small discussion to consider what information about a service that is helpful to a user, and which could be used by an attacker, and find a good balance. As a nit I would suggest shortening some of the fundamental description in the early introduction that is being repeated in the document. The document is rather short and therefore does not benefit from saying the same things many times.
- [secdir] Secdir last call review of draft-wilde-s… Stefan Santesson
- Re: [secdir] Secdir last call review of draft-wil… Erik Wilde