ietf
[Top] [All Lists]

[secdir] Review of draft-ietf-enum-calendar-service-03

2008-01-17 03:41:54
Hello,
I have reviewed this document as part of the security directorate's ongoing 
effort to review all IETF documents being processed by the IESG.  These 
comments were written primarily for the benefit of the security area directors. 
 Document editors and WG chairs should treat these comments just like any other 
last call comments.

I have the following COMMENTS:

1. Overall, the document does not discuss I18N. Is it required that the mailto 
contains US ASCII only when it is encoded in DNS? This is unclear to me.
2. Section 4, what is the security implication if the same number is used to 
identify different URIs. In other words, what prevents the choice of numbers 
from collisions and what happens when there is a collision. "Number squatting" 
does not seem to be mitigated by DNS SEC as mentioned in the document. This is 
just not clear to me but I am not an expert here.

3. I agree with the comments that adding some description of potential use 
cases would help when the PROTO write-up mentions there is no implementation 
interest. For one thing, security considerations typically would make more 
sense in the context of use cases.

Best regards,

--larry


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

<Prev in Thread] Current Thread [Next in Thread>