[secdir] Secdir review of draft-ietf-httpbis-authscheme-registrations-08
Catherine Meadows <catherine.meadows@nrl.navy.mil> Mon, 18 November 2013 23:26 UTC
Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CCCE1AE298; Mon, 18 Nov 2013 15:26:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.424
X-Spam-Level:
X-Spam-Status: No, score=-2.424 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.525] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xlUmo8_MiMBM; Mon, 18 Nov 2013 15:26:27 -0800 (PST)
Received: from ccs.nrl.navy.mil (mx0.ccs.nrl.navy.mil [IPv6:2001:480:20:118:118::211]) by ietfa.amsl.com (Postfix) with ESMTP id A4EFC1AE11F; Mon, 18 Nov 2013 15:26:27 -0800 (PST)
Received: from ashurbanipal.fw5540.net (fw5540.nrl.navy.mil [132.250.196.100]) by ccs.nrl.navy.mil (8.14.4/8.14.4) with ESMTP id rAINQIO9006744 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 18 Nov 2013 18:26:18 -0500
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
Content-Type: multipart/alternative; boundary="Apple-Mail=_6E5816FF-84FD-4050-83C8-F3F78F02B8A4"
Date: Mon, 18 Nov 2013 18:26:51 -0500
Message-Id: <0B7C3927-F400-4059-893C-61FB71BED69B@nrl.navy.mil>
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-httpbis-authscheme-registrations.all@tools.ietf.org
Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1822\))
X-Mailer: Apple Mail (2.1822)
X-CCS-MailScanner: No viruses found.
X-CCS-MailScanner-Info: See: http://www.nrl.navy.mil/ccs/support/email
Subject: [secdir] Secdir review of draft-ietf-httpbis-authscheme-registrations-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Nov 2013 23:26:29 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document registers Hypertext Transfer Protocol (HTTP) authentication schemes which have been defined in standards=tract RCFs before the IANA HTTP Authentication Scheme Registry was established. My understanding is that registration does not constitute an endorsement of security; it simply allows IANA do make sure that any identifiers, etc. specified remain unique. Thus I do not see any security issues with this document. Catherine Meadows Naval Research Laboratory Code 5543 4555 Overlook Ave., S.W. Washington DC, 20375 phone: 202-767-3490 fax: 202-404-7942 email: catherine.meadows@nrl.navy.mil
- [secdir] Secdir review of draft-ietf-httpbis-auth… Catherine Meadows