Re: [Gen-art] Gen-ART review of draft-ietf-vcarddav-vcardrev

Mon, 11 Apr 2011 06:52:36 -0700 

Hi Simon,

Thank you for the update.  How about the following which slightly changes your 
proposed text:

   o  vCards often carry information that can be sensitive (e.g.
      birthday, address, and phone information).  Although vCards have no
      inherent authentication or privacy provisions, they can easily be carried 
by
      any security mechanism that transfers MIME objects to address
      authentication or privacy (e.g.  S/MIME [RFC5751], OpenPGP
      [RFC4880]).  In cases where the privacy or authenticity of
      information contained in vCard is a concern, the vCard SHOULD be
      transported using one of these secure mechanisms.  The KEY
      property (Section 6.8.1) can be used to transport the public key
      used by these mechanisms.

Thank you,
Kathleen

-----Original Message-----
From: Simon Perreault [mailto:[email protected]] 
Sent: Monday, April 11, 2011 9:17 AM
To: Moriarty, Kathleen
Cc: [email protected]; [email protected]
Subject: Re: [Gen-art] Gen-ART review of draft-ietf-vcarddav-vcardrev

On 2011-04-09 08:03, [email protected] wrote:
> The last is not a Gen-ART, but was put
> there for adding considerations to the security section.  I just
> meant that it should state that there may be privacy concerns with
> some of the information.  I listed the regulations to give examples,
> but not to have them entered into the document.  You mention the use
> of encryption for protection against spoofing, it would also be used
> for confidentiality in protecting privacy of the information.

I misunderstood your previous comment. I understand now. Sorry about
that. How about the following:

   o  vCards often carry information that can be sensitive (e.g.
      birthday, address, and phone information).  Although they have no
      inherent authentication or privacy, they can easily be carried by
      any security mechanism that transfers MIME objects with
      authentication or privacy (e.g.  S/MIME [RFC5751], OpenPGP
      [RFC4880]).  In cases where the privacy or authenticity of
      information contained in vCard is a concern, the vCard SHOULD be
      transported using one of these secure mechanisms.  The KEY
      property (Section 6.8.1) can be used to transport the public key
      used by these mechanisms.

Thanks,
Simon
-- 
DTN made easy, lean, and smart --> http://postellation.viagenie.ca
NAT64/DNS64 open-source        --> http://ecdysis.viagenie.ca
STUN/TURN server               --> http://numb.viagenie.ca

_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art

Reply via email to