Telechat Review of draft-ietf-xcon-common-data-model-
review-ietf-xcon-common-data-model-secdir-telechat-kivinen-2011-05-31-00
Request | Review of | draft-ietf-xcon-common-data-model |
---|---|---|
Requested revision | No specific revision (document currently at 32) | |
Type | Telechat Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2011-05-24 | |
Requested | 2011-05-16 | |
Authors | David E. Morgan Ph.D. , Gonzalo Camarillo , Jari Urpalainen , Oscar Novo | |
I-D last updated | 2011-05-31 | |
Completed reviews | Secdir Last Call review of -?? by Tero Kivinen; Secdir Telechat review of -?? by Tero Kivinen | |
Assignment | Reviewer | Tero Kivinen |
State | Completed | |
Request | Telechat review on draft-ietf-xcon-common-data-model by Security Area Directorate Assigned | |
Completed | 2011-05-31 |
This is a re-review of the draft I already reviewed on 2011-03-03. The current draft contains some small changes made since then, but I do not think it solves the issues I raised in my previous review:

1) Confidentiality is not mandatory even in the cases where the database contains sensitive elements (passwords); it is only a SHOULD.

2) The privacy issues are not covered enough. The current version added a specific pointer to section 11.2 of RFC5239, but that only covers one very small privacy issue, i.e. anonymous access. It does not cover gathering sensitive privacy information in the database, i.e. who participated in which conferences and with whom.

My previous review can be found at http://www.ietf.org/mail-archive/web/secdir/current/msg02482.html

--
kivinen at iki.fi