Ballot for conflict-review-warden-appsawg-vnc-scheme
Yes
No Objection
Abstain
Note: This ballot was opened for revision 00 and is now closed.
Ballot question: "Is this the correct conflict review response?"
In line with Stephen's DISCUSS, I'm in favor of adding a note (from the authors or the IESG) about the security risks.
I would also support a note about the cleartext password concern.
I share Stephen's concern about this document. I do find it interesting that the Security Considerations section talks about potentially protecting sensitive parameters within the URI with SSH... when SSH parameters are one of those pieces of sensitive information. And while I understand that VNC has protections built into it, I think we are beyond the point where we can pretend that information sharing constructs will not be leaked in ways that were not expected or designed for.
URIs with secrets embedded in them seem like spectacularly bad ideas that hearken back to 4248. I think the conflict review is accurate, though IESG text that says you really shouldn't do this might well be appropriate.
I'll be listening to the discussion on Stephen's Discuss with interest.
Given that RFC 3986 says "URI producers should not provide a URI that contains a username or password that is intended to be secret" and that RFC 7595 says "Definitions of schemes MUST be accompanied by a clear analysis of the security and privacy implications for systems that use the scheme" and points to RFC 3986, I do not feel comfortable balloting any other position on the narrow question of whether this document conflicts with other IETF work.
Thanks for adding the text about sensitive data in URIs. I still wish the scheme showed how to do something better.