
[secdir] security review of draft-edwards-urn-smpte-02

2007-10-03 05:50:23
Hello, 

I have re-reviewed this document (draft-edwards-urn-smpte-02) as part of the 
security directorate's ongoing effort to review all IETF documents being 
processed by the IESG.  
These comments were written primarily for the benefit of the security area 
directors.  The document editor should treat these comments just like any other 
last call comments.

Note: this is a revisit of the document, as the first security review was 
conducted on version-01 on May 8th, 2007 with no major findings but 5 comments.
I still agree with the author that this document introduces no security issues 
other than those normally associated with the use and resolution of URNs in 
general. 


All comments from the former security review have been resolved. 
No new problems have been introduced.


Which leaves two minor comments on version-02:
1. minor editorial comment: 
Section 8 references: 
"Society of Motion Picture and Television Engineers,
"Uniform Resource Names for SMPTE Resources", SMPTE 2029,
<http://www.smpte.org> (to be published)."

Should be changed to 
"Society of Motion Picture and Television Engineers,
"Uniform Resource Names for SMPTE Resources", SMPTE 2029-2007
<http://www.smpte.org>"

As the SMPTE-2029-2007 document has actually been published (as had been 
required for the draft to proceed), now just the reference text needs to be 
updated. 


2. and the personal comment/note from the version-01 remains as I did not 
receive feedback on this one: 
a) I am not sure that SMPTE really needs a formal URN, and why an informal URN 
would not be sufficient. But this should be decided by the community. 
Note: draft version-02 introduced some justification about the need for this 
new namespace in section 5 of the draft. But from my personal view this mainly 
equates to "we need our (SMPTE) own URN which is exclusively under our (SMPTE) 
control". As a reason this may not be considered a real reason/value by itself 
and thus may not be sufficient. 

b) As the organization seems mainly focussed on the North American Continent, 
it might also be a good idea to pursue via independent expert reviews the 
question whether there exist potential namespace conflicts with other 
international organizations in this area (Motion Picture and Television) like 
e.g. ARIB (Association of Radio Industries and Businesses) or others. 



Best regards, Tobias Gondrom




__________________________________________
Tobias Gondrom
Head of Open Text Security Team
Director, Product Security

Open Text
Technopark 2
Werner-von-Siemens-Ring 20
D-85630 Grasbrunn

Phone: +49 (0) 89 4629-1816
Mobile: +49 (0) 173 5942987
Telefax: +49 (0) 89 4629-33-1816
eMail: mailto:tobias(_dot_)gondrom(_at_)opentext(_dot_)com 
Internet: http://www.opentext.com/  

Place of Incorporation / Sitz der Gesellschaft: Open Text GmbH, 
Werner-von-Siemens-Ring 20, 85630 Grasbrunn, Germany | Phone: +49 (0) 89 4629 0 
| Fax: +49 (0) 89 4629 1199 | Register Court / Registergericht: München, 
Germany | Trade Register Number / HRB: 168364 | VAT ID Number /USt-ID: DE 114 
169 819 | Managing Director / Geschäftsführer: John Shackleton, Walter Köhler
