[secdir] security review of draft-edwards-urn-smpte-02


 




Hello,

I have re-reviewed this document (draft-edwards-urn-smpte-02) as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. 

These comments were written primarily for the benefit of the security area directors. The document editor should treat these comments just like any other last call comments.

Note: this is a revisit of the document, as the first security review was conducted on version-01 on May 8th, 2007 with no major findings but 5 comments.

I still agree with the author that this document introduces no security issues other than those normally associated with the use and resolution of URNs in general.


All comments from the former security review have been resolved.

No new problems have been introduced.


Which leaves two minor comments on version-02:

1. minor editorial comment:

Section 8 references:

    Society of Motion Picture and Television Engineers,
    "Uniform Resource Names for SMPTE Resources", SMPTE 2029,
    <http://www.smpte.org> (to be published).

Should be changed to

    Society of Motion Picture and Television Engineers,
    "Uniform Resource Names for SMPTE Resources", SMPTE 2029-2007
    <http://www.smpte.org>

As the SMPTE-2029-2007 document has actually been published (as had been required for the draft to proceed).

Now just the reference text needs to be updated.


2. and the personal comment/note from the version-01 remains as I did not receive feedback on this one:

a) I am not sure that SMPTE really needs a formal URN, and why an informal URN would not be sufficient. But this should be decided by the community.

Note: draft version-02 introduced some justification about the need for this new namespace in section 5 of the draft. But from my personal view this mainly equates to "we need our (SMPTE) own URN which is exclusively under our (SMPTE) control". As a reason this may not be considered a real reason/value by itself and thus may not be sufficient.

b) As the organization seems mainly focussed on the North American Continent, it might also be a good idea to pursue via independent expert reviews the question whether there exist potential namespace conflicts with other international organizations in this area (Motion Picture and Television) like e.g. ARIB (Association of Radio Industries and Businesses) or others.



Best regards, Tobias Gondrom




__________________________________________
Tobias Gondrom
Head of Open Text Security Team
Director, Product Security

Open Text
Technopark 2
Werner-von-Siemens-Ring 20
D-85630 Grasbrunn

Phone: +49 (0) 89 4629-1816
Mobile: +49 (0) 173 5942987
Telefax: +49 (0) 89 4629-33-1816
eMail: mailto:tobias.gondrom@xxxxxxxxxxxx
Internet: http://www.opentext.com/ 

Place of Incorporation / Sitz der Gesellschaft: Open Text GmbH, Werner-von-Siemens-Ring 20, 85630 Grasbrunn, Germany | Phone: +49 (0) 89 4629 0 | Fax: +49 (0) 89 4629 1199 | Register Court / Registergericht: München, Germany | Trade Register Number / HRB: 168364 | VAT ID Number /USt-ID: DE 114 169 819 | Managing Director / Geschäftsführer: John Shackleton, Walter Köhler
