I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
Overall, I found this document to be fairly straightforward and easy to
understand. This document registers the Enumservice "vCard" with three
subtypes; it is to be used to refer from an ENUM domain name to a vCard
instance.
As such, the security considerations of ENUM (RFC 3761, Section 6)
apply; the reference covers DNS security issues in some depth.
Section 6 of this document provides for discussion of additional
security considerations, including privacy. I believe that this
additional discussion combined with the security considerations section
of RFC 3761 covers the security issues.
Note that the ENUM record itself need not contain personal information;
it just points to a location where access to that information could be
obtained.
The use of HTTP in this Enumservice allows for authentication and
authorization to be utilized to provide access control to user
information. The document requires use of standard HTTP authentication
(RFC 2617) for this, typically protected within HTTPS.