IETF Logo Mail Archive

Re: [Tzdist] Stephen Farrell's No Objection on draft-ietf-tzdist-caldav-timezone-ref-04: (with COMMENT)

Cyrus Daboo <cyrus@daboo.name> Thu, 08 October 2015 18:28 UTC

Return-Path: <cyrus@daboo.name>
X-Original-To: tzdist@ietfa.amsl.com
Delivered-To: tzdist@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C877B1A1A76; Thu, 8 Oct 2015 11:28:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.912
X-Spam-Level:
X-Spam-Status: No, score=-3.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_I_INVITATION=-2, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3NNS33WnvrVC; Thu, 8 Oct 2015 11:28:27 -0700 (PDT)
Received: from daboo.name (daboo.name [173.13.55.49]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A0CF1A03A9; Thu, 8 Oct 2015 11:28:25 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by daboo.name (Postfix) with ESMTP id D6D4C2155B17; Thu, 8 Oct 2015 14:28:24 -0400 (EDT)
X-Virus-Scanned: amavisd-new at example.com
Received: from daboo.name ([127.0.0.1]) by localhost (daboo.name [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pzam4UCo5s2U; Thu, 8 Oct 2015 14:28:24 -0400 (EDT)
Received: from [17.45.162.214] (unknown [17.45.162.214]) by daboo.name (Postfix) with ESMTPSA id 0F17D2155B05; Thu, 8 Oct 2015 14:28:22 -0400 (EDT)
Date: Thu, 08 Oct 2015 14:28:21 -0400
From: Cyrus Daboo <cyrus@daboo.name>
To: "Eliot Lear (elear)" <elear@cisco.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <C7CABF187750B967A165EC6A@cyrus.local>
In-Reply-To: <987BA03F-54E2-4FA3-8049-BD54EB6D5134@cisco.com>
References: <20150930135935.9433.76218.idtracker@ietfa.amsl.com> <31C472AFF9FCDED2E9D8A031@cyrus.local>,<5612A3FD.5060206@cs.tcd.ie> <987BA03F-54E2-4FA3-8049-BD54EB6D5134@cisco.com>
X-Mailer: Mulberry/4.1.0b1 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; size="755"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tzdist/nsT2fUHK00YymnmgBRmx4Q_XKSE>
Cc: draft-ietf-tzdist-caldav-timezone-ref.shepherd@ietf.org, tzdist@ietf.org, draft-ietf-tzdist-caldav-timezone-ref.ad@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-tzdist-caldav-timezone-ref@ietf.org, tzdist-chairs@ietf.org
Subject: Re: [Tzdist] Stephen Farrell's No Objection on draft-ietf-tzdist-caldav-timezone-ref-04: (with COMMENT)
X-BeenThere: tzdist@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <tzdist.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tzdist>, <mailto:tzdist-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tzdist/>
List-Post: <mailto:tzdist@ietf.org>
List-Help: <mailto:tzdist-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tzdist>, <mailto:tzdist-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Oct 2015 18:28:29 -0000

Hi Eliot,

--On October 5, 2015 at 4:49:15 PM +0000 "Eliot Lear (elear)" 
<elear@cisco.com> wrote:

>
> I'm on vacation and don't have the spec in front of me. It would seem
> reasonable to mention as a mitigation to the attack Stephen mentioned to
> only query after an authorization step. What that step is could be a one
> time query by the MUA  like "allow invitations from senders from this
> domain for?" Or it could be some MTA rule.

I am not sure such a statement belongs in this document as that behavior is 
true for arbitrary invites being sent from any untrusted source, 
irrespective of whether timezones-by-reference is being used. There is 
already a fair amount of security covered in RFC5546 (iTIP - iCalendar 
invite).

-- 
Cyrus Daboo

v2.23.0 | Report a Bug | By Email