headers
Eliot Lear | 3 Jun 2008 14:15
Picon
Favicon

Re: WGLC: draft-ietf-calsify-2446bis-06.txt && IETF Dublin

Dear all,

This is a reminder that draft-ietf-calsify-2446bis-06.txt is in working 
group last call (WGLC).  Please submit any comments you have now.  Last 
call ends on June 15.

Eliot
Permalink | Reply | 0 comments |
headers
Internet-Drafts | 9 Jun 2008 20:00
Picon
Favicon

I-D ACTION:draft-ietf-calsify-rfc2447bis-05.txt

A New Internet-Draft is available from the on-line Internet-Drafts 
directories.
This draft is a work item of the Calendaring and Scheduling Standards Simplification Working Group of the IETF.

	Title		: iCalendar Message-Based Interoperability Protocol (iMIP)
	Author(s)	: A. Melnikov
	Filename	: draft-ietf-calsify-rfc2447bis-05.txt
	Pages		: 22
	Date		: 2008-6-9
	
This document, iCalendar Message-Based Interoperability Protocol
   (iMIP), specifies a binding from the iCalendar Transport-independent
   Interoperability Protocol (iTIP) to Internet email-based transports.
Calendaring entries defined by the iCalendar Object Model (iCAL) are
   composed using constructs from RFC 2822, RFC 2045, RFC 2046,
   RFC 2047 and RFC 2049.

   This document is a product of Calendaring and Scheduling Standards
   Simplification (calsify) working group. More information about the
   IETF CALSIFY working group activities can be found on the IETF web
   site at <http://www.ietf.org/html.charters/calsify-charter.html>.

   The issue tracker for the Calsify WG is located at:
    <http://www.ofcourseimright.com/cgi-bin/roundup/calsify>

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-calsify-rfc2447bis-05.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
(Continue reading)

Permalink | Reply | 1 comment |
headers
Tim Hare | 10 Jun 2008 04:02
Picon

RE: I-D ACTION:draft-ietf-calsify-rfc2447bis-05.txt

3.1 

"   1. The iCalendar object MUST be signed by the "Organizer" sending an
   update/initial request or the "Attendee" sending a reply.  <<Or the
   person sending on their behalf? Clearly if somebody else is sending
   the invitation, she can't sign using the key belonging to the
   organizer>>"

This might impact ITIP and possibly iCal, but we may need a mechanism for an
Organizer to sign a security token when creating/authorizing a delegate, and
require that token to be present in anything sent on the Organizer's behalf.
This would be signed by the Organizer with the Organizer's private key, so
that it would be verifiable by decrypting it with the Organizer's public
key. I'm not a security expert, but it could be as simple as encrypting the
Organizer's RFC2822 address as the token and then upon decryption verifying
that it matched that of the Organizer.

After 3.5

"If an unsigned iMIP message is received from the same
   sender later on, the receiving CUA SHOULD warn the user about a
   possible man-in-the-middle attack and SHOULD ignore the message,
   unless explicitly overriden by the user. <<Should it also try to
   notify the other end?>>"

I would suggest that the answer to this question is "No", because if the
attacker has successfully interposed itself between the "other end" and this
CUA, any notification attempt would notify the attacker, allowing it to
withdraw and remove traces.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Aki Niemi | 16 Jun 2008 09:03
Picon

Re: AD review on 2445bis

[CC'd the working group list]

Hi Lisa,

Overall, I think these comments fall into two categories; editorial and
substantial. I've labeled the issues below, and will start a new thread
on each substantial issue on the list.

AFAIK, none of the issues you mention have been brought up before. In
other words, good catches. ;)

Cheers,
Aki

to, 2008-05-29 kello 13:49 -0700, ext Lisa Dusseault kirjoitti:
> Section references:  Can we break section 3 down for publication?  It  
> would be so much easier to remember and refer to specific sections of  
> this document if we had section "4.4." be the UID parameter section  
> instead of 3.8.4.7.    My eyes just cross at the fourth level of  
> section nesting.  I am probably abnormally insistent about avoiding  
> that fourth hierarchy level, and you may all think I'm crazy to  
> suggest the work and change.  Nevertheless, I'll go ahead and suggest,  
> without any further pressure, a breakdown and ordering that I,  
> speaking as an individual and not as an AD (is that enough  
> disclaimers), would prefer:
> 	Section 3:   iCalendar Syntax
> 		Section 3.1: Content lines
> 		Section 3.2: Value Data Types
> 
> 	Section 4: ICalendar ojects and Components
(Continue reading)

Permalink | Reply | 31 comments |
headers
Aki Niemi | 16 Jun 2008 11:56
Picon

AD review issue #1: Use of ALTREP (was: Re: Re: AD review on 2445bis)

ma, 2008-06-16 kello 10:03 +0300, ext Aki Niemi kirjoitti:
> > Section 3.2.1:
> > The ALTREP parameter can be used in a lot of places.  I bet it's not  
> > supported everywhere, and some usages of ALTREP could even be  
> > dangerous.  Some health warnings should be added here at least.

I think we have a couple of options here. Either limit exactly on what
properties the parameter can occur out of the TEXT value type
properties. Or, keep it as it is currently defined. 

In any case, some text should be added to the security considerations.
Specifically, what attack vector did you have in mind?

Cheers,
Aki
Permalink | Reply | 6 comments |
headers
Aki Niemi | 16 Jun 2008 12:14
Picon

AD review issue #4: Supporting both VTODO and VEVENT in the same iCalendar stream (was: Re: Re: AD review on 2445bis)

ma, 2008-06-16 kello 10:03 +0300, ext Aki Niemi kirjoitti:
> > Section 3.6.2: VTODO.  Is it now more common for VTODOs to appear in  
> > the same iCalendar document as VEVENTS?  A few years ago that was not  
> > the case.  Can we now state that user agents SHOULD be able to handle  
> > VTODOs as well as VEVENTS?

Isn't this the implicit assumption already? Namely that if an
implementation is conforming to the specification, it must supports all
of the defined components therein?

Cheers,
Aki
Permalink | Reply | 14 comments |
headers
Aki Niemi | 16 Jun 2008 11:59
Picon

AD review issue #2: DIR parameter (was: Re: Re: AD review on 2445bis)

ma, 2008-06-16 kello 10:03 +0300, ext Aki Niemi kirjoitti:
> > Section 3.2.6, DIR parameter:  This should be limited to LDAP URLs  
> > only, if not by requirement then at least by noting that other types  
> > of URLs are likely to be harmful to interoperability.

For maximum interoperability, a mandatory-to-implement choice should be
defined. However, is LDAP even widely enough supported in iCalendar
implementations to justify this? I suspect vCardDAV URLs could in the
future start appearing here as well.

Cheers,
Aki
Permalink | Reply | 2 comments |
headers
Aki Niemi | 16 Jun 2008 12:06
Picon

AD review issue #3: Meaning of RELTYPE parameter value of SIBLING (was: Re: Re: AD review on 2445bis)

ma, 2008-06-16 kello 10:03 +0300, ext Aki Niemi kirjoitti:
> > Section 3.2.15: RELTYPE.  What does it mean that a calendar component  
> > referenced is the SIBLING of this one?  How is a user agent supposed  
> > to use this information?  Is this parameter ever used except on  
> > RELATED-TO?  Is it actually in use even there?  Health warnings at  
> > least.

Good question. Is there a use case that requires a relationship beyond
parent-child (which currently is the only *defined* relationship in the
document anyway)?

Cheers,
Aki
Permalink | Reply | 1 comment |
headers
Lisa Dusseault | 16 Jun 2008 17:55
Favicon

Re: AD review issue #1: Use of ALTREP (was: Re: Re: AD review on 2445bis)


There are two issues here.  One is the attack vector, the other is  
interoperability combinatorial problems.

The attack vector we can do very little about without really breaking  
new ground in limiting where URLs can appear and what they can  
contain.  Even then, if some Rails Web application has URLs of the  
structure "http://calapp.example.org/lisa/e1234/delete" to mean  
"Delete the event ID 'e1234' on the 'lisa' calendar" -- and if the  
user has a cookie with a session giving them permissions to do this  
action -- there's not much a client application can reasonably do to  
detect that this might be a bad URL to go fetch.  (And a lot of the  
worst examples are cases of poor Web app design.)

The interoperability issue from combinatorial explosions of where you  
can find the ALTREP parameter and what can be in it, is not an attack  
-- it can happen innocently and even when an application is trying to  
do a creative extension to iCalendar.

One axis is the kind of URL you can see in ALTREP:  what would you do  
with

       DESCRIPTION;ALTREP="imap://michael <at> example.org/INBOX":The  
Fall'98 Wild
         Wizards Conference - - Las Vegas\, NV\, USA

The other axis is seeing ALTREP in places where even if the URL scheme  
is handled elsewhere in the client, it's unclear what it means in  
context:
(Continue reading)

Permalink | Reply | 5 comments |
headers
Lisa Dusseault | 16 Jun 2008 18:01
Favicon

Re: AD review issue #4: Supporting both VTODO and VEVENT in the same iCalendar stream (was: Re: Re: AD review on 2445bis)


On Jun 16, 2008, at 3:14 AM, Aki Niemi wrote:

> ma, 2008-06-16 kello 10:03 +0300, ext Aki Niemi kirjoitti:
>>> Section 3.6.2: VTODO.  Is it now more common for VTODOs to appear in
>>> the same iCalendar document as VEVENTS?  A few years ago that was  
>>> not
>>> the case.  Can we now state that user agents SHOULD be able to  
>>> handle
>>> VTODOs as well as VEVENTS?
>
> Isn't this the implicit assumption already? Namely that if an
> implementation is conforming to the specification, it must supports  
> all
> of the defined components therein?

I should add that currently VTODO and VJOURNAL are treated exactly the  
same way as far as requirements are concerned, even though real-world  
use of VTODO is much greater than for VJOURNAL and I'm not even sure  
we can explain how people use VJOURNAL.  So it seems odd that they're  
both assumed to be required but one is really used and the other is  
not.  That kind of thing may lead casual implementors to just ignore  
the implicit requirement, and lump VTODO in with VJOURNAL as something  
they don't really want to figure out how to support.

Again, I can't think of any new requirement that would be a definite  
good thing, but we could easily write an implementation note that  
mentions that VTODOs are increasingly seen in exported ICS files and  
even in iTIP messages and that VEVENTS are ubiquitous.
(Continue reading)

Permalink | Reply | 13 comments |

Gmane