Last Call Review of draft-ietf-calext-availability-03
review-ietf-calext-availability-03-secdir-lc-harkins-2016-07-14-00

  Greetings,

  I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

  This draft specifies a way to use iCalendar to publish time periods
of a person's availability and unavailability. For the record, I am
not knowledgeable of namespace requirements on the components described
in this draft so I'm just assuming that stuff is OK.

  I believe this draft is "Ready with issues". Those issues are:

  - the steps to calculate free-busy time (section 5) has a for loop
    that goes from the lowest priority entry to the highest priority
    entry. But the 2nd step says, "Determine if the 'VAVAILABILITY'
    is completely overridden by a higher priority component. If so
    ignore it." How can a higher priority component already hold that
    time if we're looping from lower priority to higher priority?

    This step seems superfluous or there's some assumption on the
    state of the calendar prior to the loop that I'm not getting.
    Please fix this or point me to the text that I missed.

  - I am very happy to see Privacy Considerations because that was the
    thing that jumped out at me when I started reading. But there are
    normative requirements in the Privacy Considerations and I feel
    those would be better placed in the appropriate sections of the
    draft that deal with that behavior. It is my feeling that Privacy
    Considerations (and Security Considerations) should consider the
    effects of the normative action described above them and not
    indicate additional normative requirements.

Other than that, publish away!

  regards,

  Dan.