
Last Call Review of draft-ietf-calext-extensions-03
review-ietf-calext-extensions-03-secdir-lc-xia-2016-06-23-00

Request Review of draft-ietf-calext-extensions
Requested revision No specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-06-22
Requested 2016-06-09
Authors Cyrus Daboo
I-D last updated 2016-06-23
Completed reviews Genart Last Call review of -03 by Dan Romascanu (diff)
Genart Telechat review of -03 by Dan Romascanu (diff)
Secdir Last Call review of -03 by Liang Xia (diff)
Opsdir Last Call review of -01 by Dan Romascanu (diff)
Assignment Reviewer Liang Xia
State Completed
Request Last Call review on draft-ietf-calext-extensions by Security Area Directorate Assigned
Reviewed revision 03 (document currently at 05)
Result Has issues
Completed 2016-06-23

Hello,



I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.



This document defines a set of new properties for iCalendar data as well as
extending the use of some existing properties to the entire iCalendar object.



In general, since this document just defines several new properties and extends
some existing properties with new parameters for the iCalendar object, there
are limited new threats brought by this work which are covered
in the "Security Considerations" section.



Summary: this document appears in reasonably good shape, with minor issues that
should be addressed before publication.



Below is a series of my comments and nits for your consideration.



comments:

section 7

1. This section covers the possible new threats brought by new properties and
parameters, but does not mention how to mitigate them explicitly. Could you
consider this point?

2. The "Security Considerations" section of [RFC5545] describes the general
security issues and their corresponding relation with the transport protocol.
It's clear and comprehensive. As the extension draft to the iCalendar
object specification, it's a good practice to mention that the security
considerations in [RFC5545] continue to apply in this document.



section 5.2--5.6

These sections specify the extensive properties, and don't follow the template
in [RFC5545]. Would it be better to have some text for each extensive property
to point out its original specification in [RFC5545] for easy
understanding?



section 5.11

The new property, conference, is missing from the previous iCalendar components'
definition in section 4.



nits:

Section 8.1

The section number of [RFC5545] referenced here is wrong; it should be modified
from 8.2.3 to 8.3.2.



Section 8.2

The section number of [RFC5545] referenced here is wrong; it should be modified
from 8.2.4 to 8.3.3.



Thanks!



B.R.

Frank