Last Call Review of draft-kille-ldap-xmpp-schema-06

Request Review of draft-kille-ldap-xmpp-schema
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-09-27
Requested 2017-08-30
Authors Steve Kille
Draft last updated 2017-09-21
Completed reviews Genart Last Call review of -06 by Stewart Bryant (diff)
Secdir Last Call review of -02 by Yoav Nir (diff)
Opsdir Last Call review of -06 by Joel Jaeggli (diff)
Secdir Last Call review of -06 by Yoav Nir (diff)
Assignment Reviewer Yoav Nir 
State Completed
Review review-kille-ldap-xmpp-schema-06-secdir-lc-nir-2017-09-21
Reviewed rev. 06 (document currently at 10)
Review result Ready
Review completed: 2017-09-21


The original review is pasted below.

I've reviewed version -06 and all my concerns have been addressed.
Original review:

The document defines a couple of OIDs for associating a Jabber ID with an LDAP object.  As such, it is very short and straightforward. I'm not too happy with the Security Considerations section, which I'll quote here in its entirety:

"This schema enables publishing for XMPP JIDs, and care should be taken to ensure that this information is not accessed inappropriately."

This is rather generic, and it's true for any piece of information stored anywhere.  If that is all there is to say, the section might as well read "This document only registers OIDs and has no special security considerations."

However, I think there is a point that may need to be mentioned. Using this extension links a JID, which is a personal identifier that often appears on the public Internet (much like an email address), to an LDAP object, which is usually limited to an organization, usually the employer of that person. This linkability only exists for people who have access to the LDAP server, so it's just that users have to take the same care with JIDs that they do with email addresses - if you don't want your XMPP messages linked to your employer, or linked to you by your employer, it is better to use a private JID that is not linked to your employer's LDAP.

This advice to users may be out of scope, but I would like to see a mention that JIDs are generally public and pseudonymous, and this links them to a real person within an LDAP domain.