On 2/9/22 12:18, Catherine Meadows via Datatracker wrote:
Reviewer: Catherine Meadows Review result: Has Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready with nits. This draft describes an update of the iCalendar RELATED-TO property, introducing new properties LINK, CONCEPT, and REFID. In particular, RELATED-TO only allowed the value type TEXT. Depending on the property draft extends the allowed value types to include URI and UID, and REFERENCE, where REFERENCE is a URI with a pointer to a fragment of XML code. The Security Considerations Section correctly points out that the security impact of the new/expanded properties is in the new data types URI and REFERENCE they can return, and the fact that they may point to external sources which may vanish or be replaced. This is supplemented with reference to the security considerations in the appropriate RFC’s. My only concern with the previous draft was that the risks of values of type REFERENCE were not addressed. This has now been taken care of. Nits: In the definition of REFERENCE, “it's use as an anchor” should be “its use as an anchor”.
Thank you - fixed.
_______________________________________________ calsify mailing list calsify@xxxxxxxx https://www.ietf.org/mailman/listinfo/calsify
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call