IETF conflict review for draft-goix-appsawg-enum-acct-uri
conflict-review-goix-appsawg-enum-acct-uri-00
Yes
(Barry Leiba)
(Pete Resnick)
No Objection
(Adrian Farrel)
(Benoît Claise)
(Brian Haberman)
(Gonzalo Camarillo)
(Jari Arkko)
(Joel Jaeggli)
(Martin Stiemerling)
(Richard Barnes)
(Spencer Dawkins)
(Stewart Bryant)
(Ted Lemon)
Note: This ballot was opened for revision 00 and is now closed.
Ballot question: "Is this the correct conflict review response?"
Barry Leiba Former IESG member
Yes
Yes
()
Unknown
Pete Resnick Former IESG member
Yes
Yes
()
Unknown
Adrian Farrel Former IESG member
No Objection
No Objection
()
Unknown
Benoît Claise Former IESG member
No Objection
No Objection
()
Unknown
Brian Haberman Former IESG member
No Objection
No Objection
()
Unknown
Gonzalo Camarillo Former IESG member
No Objection
No Objection
()
Unknown
Jari Arkko Former IESG member
No Objection
No Objection
()
Unknown
Joel Jaeggli Former IESG member
No Objection
No Objection
()
Unknown
Martin Stiemerling Former IESG member
No Objection
No Objection
()
Unknown
Richard Barnes Former IESG member
No Objection
No Objection
()
Unknown
Spencer Dawkins Former IESG member
No Objection
No Objection
()
Unknown
Stephen Farrell Former IESG member
No Objection
No Objection
(2014-01-22)
Unknown
I'm curious: given the file-name, was this proposed to and rejected by appsawg? As a personal comment, I don't think its at all a good plan to introduce yet more linkages between personal identifiers which is precisely what this does. But that's for the ISE to judge I guess. I'm also not quite sure whether or not this draft does what's called for in the security considerations of draft-ietf-appsawg-acct-uri. But that's also for the ISE to judge. I'm pretty sure this draft does not define the security considerations fully, but I'm not sure if this draft counts as a protocol making "use" of acct URIs. (Were it up to me, I'd say yes it is, and that the security considerations ought be more thorough.) In addition, protocols that make use of 'acct' URIs are responsible for defining security considerations related to such usage, e.g., the risks involved in dereferencing an 'acct' URI, the authentication and authorization methods that could be used to control access to personal data associated with a user's account at a service, and methods for ensuring the confidentiality of such information. I also note that 6117 says: However, in some cases, the inclusion of those protocols and URI Schemes into ENUM specifically could introduce new security issues. In these cases, those issues or risks MUST be covered in the "Security Considerations" section of the Enumservice Specification. Authors should pay particular attention to any indirect risks that are associated with a proposed Enumservice, including cases where the proposed Enumservice could lead to the discovery or disclosure of Personally Identifiable Information (PII). If someone were to ask me, I'd say that this draft doesn't fully cover that, but again that's for the ISE and relevant designated expert to decide.
Stewart Bryant Former IESG member
No Objection
No Objection
()
Unknown
Ted Lemon Former IESG member
No Objection
No Objection
()
Unknown