Re: [apps-discuss] AppsDir Review of draft-ietf-appsawg-acct-uri-03

Peter Saint-Andre <psaintan@cisco.com> Wed, 27 March 2013 02:02 UTC

On Mar 11, 2013, at 9:38 AM, Dave Cridland wrote:

> I have been selected as the Applications Area Directorate reviewer  
> for this draft (for background on appsdir, please see
> http://trac.tools.ietf.org/area/app/trac/wiki/ApplicationsAreaDirectorate).
>
> Please resolve these comments along with any other Last Call  
> comments you may receive. Please wait for direction from your  
> document shepherd or AD before posting a new version of the draft.
> Document: draft-ietf-appsawg-webfinger-11
> Title: The 'acct' URI Scheme
> Reviewer: Dave Cridland
> Review Date: 2013/03/11
>
> Summary: Ready for publication as Standards Track. Although I note  
> one possible additional security consideration it is minor.
>
> Editorial Comments:
>
> 1) I do love the use of "discussants", but I hesitantly wonder if  
> the more common (if less specific) "participants" would be a more  
> readily understood choice of word?

I'll change it to "the participants in that discussion".

> Minor Comments:
>
> 1) I note that an acct scheme URI provides proof of existence of the  
> account; this implies that harvesting published acct URIs would be  
> useful for spammers and similar attackers, if they can also use this  
> to leverage more information about the account (such as via  
> WebFinger).

Good point. I'll add text to the Security Considerations on this point  
(expect a revised I-D at some point in the near future).

Peter