Re: [secdir] secdir review of draft-ietf-calext-extensions-03
Cyrus Daboo <cyrus@daboo.name> Wed, 22 June 2016 17:07 UTC
Date: Wed, 22 Jun 2016 13:07:20 -0400
From: Cyrus Daboo <cyrus@daboo.name>
To: "Xialiang (Frank)" <frank.xialiang@huawei.com>, "'iesg@ietf.org'" <iesg@ietf.org>, "'secdir@ietf.org'" <secdir@ietf.org>, draft-ietf-calext-extensions.all@tools.ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/x93dje_cM_PR6A29nPytWOsUee4>
Hi Xialiang,

Thank you for your review. Fixes described below have been made to my working copy and will be included in the next published draft.

--On June 22, 2016 at 1:39:06 AM +0000 "Xialiang (Frank)" <frank.xialiang@huawei.com> wrote:

> Below is a series of my comments, nits for your consideration.
>
> comments:
> section 7
> 1. This section covers the possible new threats brought by new properties
> and parameters, but does not mention how to mitigate them explicitly.
> Could you consider this point?

I've added some additional text to my working copy to cover that.

> 2. The "Security Considerations" section
> of [RFC5545] describes the general security issues and its corresponding
> relation with the transport protocol. It's clear and comprehensive. As
> the extension draft to the iCalendar object specification, it's a good
> practice to mention that the security considerations in [RFC5545]
> continue to apply in this document.

I have added the following text as the last paragraph of Security Considerations:

    Security considerations in [RFC5545], and [RFC5546] MUST also be adhered to.

I have also added a Privacy Considerations section with similar text.

Also, on further review there were a couple of additional items I felt needed to be added to these sections. In particular, text about short REFRESH-INTERVALs being used to trigger denial of service attacks.

> section 5.2--5.6
> These sections specify the extensive properties, and don't follow the
> template in [RFC5545]. Would it be better to have some text for each
> extensive property to point out its original specification in [RFC5545]
> for easy understanding?

OK. I have added text in each of those sections providing a reference back to the section in RFC5545 where the original definitions reside.

> section 5.11
> The new property -- conference, is missed in the previous iCalendar
> components' definition in section 4;

Fixed.

> nits:
> Section 8.1
> The section number of [RFC5545] referenced here is wrong, it should be
> modified from 8.2.3 to 8.3.2;
>
> Section 8.2
> The section number of [RFC5545] referenced here is wrong, it should be
> modified from 8.2.4 to 8.3.3;

Fixed.

--
Cyrus Daboo