Mario, From: regext <[email protected]> on behalf of Mario Loffredo <[email protected]> Date: Tuesday, November 9, 2021 at 7:46 AM To: "[email protected]" <[email protected]> Subject: [regext] Fwd: RDAP JSContact feedback
7. Security Considerations “The only mandatory property, namely "uid", is usually an opaque string.” Do we need to clarify further here, given “uid” would be a non-opaque handle in jscard? [ML] Sorry but I didn't catch this. Did you mean that "uid" in jscard could disclose some sensitive contact information? [JS] That’s an interesting question. In contrast with a UUID for a “uid”, a handle might disclose. But, I was simply reacting to the “usually an opaque string” phrase given we have a SHOULD for “uid” being a handle. Meaning, in our case, it would more likely be a handle (less opaque) than a UUID (more opaque). [ML] UUID is not the only value accepetd for "uid" in JSContact (see https://datatracker.ietf.org/doc/html/draft-ietf-jmap-jscontact-08#section-2.1.2), both URI and free-form text are accepted. Maybe opaque is not the right term. I'll rearrange the sentence to mean that the only required property in JSContact is not a sensitive information as it happens with fn for jCard. [JS] Yes, that’ll clarify. Thanks, Jasdip
_______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
