Hello,
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.
I have the following COMMENTS:
1. Overall, the document does not discuss I18N. Is it required that the mailto
contains US ASCII only when it is encoded in DNS? This is unclear to me.
2. Section 4, what is the security implication if the same number is used to
identify different URIs? In other words, what prevents the choice of numbers
from collisions and what happens when there is a collision? "Number squatting"
does not seem to be mitigated by DNSSEC as mentioned in the document. This is
just not clear to me but I am not an expert here.
3. I agree with the comments that adding some description of potential use
cases would help when the PROTO write-up mentions there is no implementation
interest. For one thing, security considerations typically would make more
sense in the context of use cases.
Best regards,
--larry