Telechat Review of draft-ietf-xcon-common-data-model-
review-ietf-xcon-common-data-model-secdir-telechat-kivinen-2011-05-31-00

Request: Review of draft-ietf-xcon-common-data-model
Requested revision: No specific revision (document currently at 32)
Type: Telechat Review
Team: Security Area Directorate (secdir)
Deadline: 2011-05-24
Requested: 2011-05-16
Authors: David E. Morgan Ph.D., Gonzalo Camarillo, Jari Urpalainen, Oscar Novo
I-D last updated: 2011-05-31
Completed reviews:
  Secdir Last Call review of -?? by Tero Kivinen
  Secdir Telechat review of -?? by Tero Kivinen
Assignment
Reviewer: Tero Kivinen
State: Completed
Request: Telechat review on draft-ietf-xcon-common-data-model by Security Area Directorate Assigned
Completed: 2011-05-31

This is a re-review of the draft I already reviewed on 2011-03-03. The
current draft contains some small changes made since then, but I do not
think it solves the issues I raised in my previous review:

1) Confidentiality is not mandatory even in the cases where the
   database contains sensitive elements (passwords); it is only a
   SHOULD.

2) The privacy issues are not covered enough. The current version added
   a specific pointer to section 11.2 of RFC5239, but that only
   covers one very small privacy issue, i.e. anonymous access. It does
   not cover gathering sensitive privacy information in the database,
   i.e. who participated in which conferences and with whom.

My previous review can be found at
http://www.ietf.org/mail-archive/web/secdir/current/msg02482.html

-- 
kivinen at iki.fi