Last Call Review of draft-ietf-vcarddav-vcardxml-
review-ietf-vcarddav-vcardxml-secdir-lc-lepinski-2011-05-31-00
| Request | Review of | draft-ietf-vcarddav-vcardxml |
|---|---|---|
| Requested revision | No specific revision (document currently at 11) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2011-05-24 | |
| Requested | 2011-04-14 | |
| Authors | Simon Perreault | |
| I-D last updated | 2011-05-31 | |
| Completed reviews |
Secdir Last Call review of -??
by Matt Lepinski
|
|
| Assignment | Reviewer | Matt Lepinski |
| State | Completed | |
| Request | Last Call review on draft-ietf-vcarddav-vcardxml by Security Area Directorate Assigned | |
| Completed | 2011-05-31 |
review-ietf-vcarddav-vcardxml-secdir-lc-lepinski-2011-05-31-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document defines an XML schema for representing a VCARD. The XML representation is semantically equivalent to the text-based format specified in draft-ietf-vcarddav-vcard-rev. In the security considerations section of this document, the authors claim that the security considerations for XML VCARDs are identical to the security considerations for text VCARDs. I agree with the document authors that the translation from text to XML introduces no additional security considerations. Minor Nit: On page 8: "... whose default value is not know MUST be converted using the value type XML element ..." Replace "know" with "known" - Matt Lepinski