[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Enum] FW: secdir review of draft-ietf-enum-vcard-05

To: "'IETF ENUM WG'" <enum at ietf.org>
Subject: [Enum] FW: secdir review of draft-ietf-enum-vcard-05
From: "Richard Shockey" <richard at shockey.us>
Date: Thu, 1 Mar 2007 10:57:15 -0500
List-help: <mailto:enum-request@ietf.org?subject=help>
List-id: Enum Discussion List <enum.ietf.org>
List-post: <mailto:enum@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/enum>, <mailto:enum-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/enum>, <mailto:enum-request@ietf.org?subject=unsubscribe>
Reply-to: richard at shockey.us
Thread-index: AcdbTHFPOpW40j7TS+WVqUZApNKu4AAzdKsg


> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_aboba at hotmail.com]
> Sent: Monday, February 19, 2007 8:54 PM
> To: secdir at mit.edu
> Cc: ietf at ietf.org
> Subject: secdir review of draft-ietf-enum-vcard-05
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> Overall, I found this document to be fairly straightforward and easy to
> understand.  This document registers the Enumservice "vCard" with three
> subtypes; it is to  be used to refer from an ENUM domain name to a vCard
> instance.
> As such, the security considerations of ENUM (RFC 3761, Section 6) apply;
> the reference
> covers DNS security issues in some depth.
> 
> Section 6 of this document provides for discussion of additional security
> considerations,
> including privacy.  I believe that this additional discussion combined
> with
> the security
> considerations section of RFC 3761, covers the security issues.
> 
> Note that the ENUM record itself need not contain personal information; it
> just points
> to a location where access to that information could be obtained.
> 
> The use of HTTP in this Enumservice allows for authentication and
> authorization to
> be utilized to provide access control to user information.   The document
> requires use of
> standard HTTP authentication (RFC 2617) for this, typically protected
> within
> HTTPS.
> 
> 
> 
> _______________________________________________
> Ietf mailing list
> Ietf at ietf.org
> https://www1.ietf.org/mailman/listinfo/ietf


_______________________________________________
enum mailing list
enum at ietf.org
https://www1.ietf.org/mailman/listinfo/enum

Prev by Date: RE: [Enum] I-D ACTION:draft-ietf-enum-unused-01.txt
Next by Date: RE: [Enum] I-D ACTION:draft-ietf-enum-unused-01.txt
Previous by thread: [Enum] Requesting comments on draft-lim-kim-enum-based-softswitch-01.txt
Next by thread: [Enum] Last Call: draft-ietf-enum-im-service (A Telephone Number Mapping (ENUM) Service Registration for Instant Messaging (IM) Services) to Proposed Standard
Index(es):
- Date
- Thread