[secdir] secdir review of draft-salgueiro-vcarddav-kind-device-06

Samuel Weiler <weiler@watson.org> Tue, 08 January 2013 16:02 UTC

Date: Tue, 08 Jan 2013 11:02:33 -0500
From: Samuel Weiler <weiler@watson.org>
To: secdir@ietf.org, iesg@ietf.org, draft-salgueiro-vcarddav-kind-device@tools.ietf.org

Summary: no objections.

There are very real security concerns, but the only surprise is that
they're discussed only by reference.  The draft refers to the general
vCard spec (RFC6350).  RFC6350 does an adequate job.  One might argue
that vCards for devices are more likely to be used in automated and
perhaps unfamiliar ways, so the risks are greater than with vCards for
humans.  But we let a similar doc (RFC6473) be published a year ago
with this same sort of referral, so it's hard to make a case that
anything needs to change here.

Thanks to the editors for the very readable doc.

-- Sam