[secdir] Secdir review of draft-ietf-vcarddav-vcardxml-10

Matt Lepinski <mlepinski@bbn.com> Mon, 23 May 2011 20:47 UTC

Return-Path: <mlepinski@bbn.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD455E07E0; Mon, 23 May 2011 13:47:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MpMPcSLwDi2N; Mon, 23 May 2011 13:47:22 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id EEE00E079C; Mon, 23 May 2011 13:47:21 -0700 (PDT)
Received: from [128.89.255.131] (port=3431) by smtp.bbn.com with esmtps (TLSv1:CAMELLIA256-SHA:256) (Exim 4.74 (FreeBSD)) (envelope-from <mlepinski@bbn.com>) id 1QOc25-000J9P-9F; Mon, 23 May 2011 16:47:21 -0400
Message-ID: <4DDAC7F7.10207@bbn.com>
Date: Mon, 23 May 2011 16:47:51 -0400
From: Matt Lepinski <mlepinski@bbn.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10
MIME-Version: 1.0
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-vcarddav-vcardxml@tools.ietf.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [secdir] Secdir review of draft-ietf-vcarddav-vcardxml-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 May 2011 20:47:22 -0000

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This document defines an XML schema for representing a VCARD. The XML representation is semantically equivalent to the text-based format specified in draft-ietf-vcarddav-vcard-rev.

In the security considerations section of this document, the authors claim that the security considerations for XML VCARDs are identical to the security considerations for text VCARDs. I agree with the document authors that the translation from text to XML introduces no additional security considerations.

Minor Nit:

On page 8:
"... whose default value is not know MUST be converted using the value type XML element ..."

Replace "know" with "known"

- Matt Lepinski