Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#107 closed defect (fixed)

Clarify requirement for security considerations

Reported by: dthaler@… Owned by: draft-ietf-iri-4395bis-irireg@…
Priority: major Milestone:
Component: 4395bis-irireg Version:
Severity: Active WG Document Keywords:
Cc:

Description

Section 4 (Guidelines for Provisional URI/IRI Scheme Registration) allows registration by third parties (even if not
on behalf of those who created the scheme). While many of the required pieces of information are "SHOULD"s, it says:
"A valid Security Considerations section, as required by Section 6

of [RFC5226]."

If the third party does not have access to the spec (e.g., because it's owned by an SDO or company without an open spec), the third party may not be able to write a "valid" security considerations section. I ran into this personally.

Need to either make it a SHOULD, or else clarify what is needed in a "valid" section.

Change History (2)

comment:1 Changed 8 years ago by masinter@…

  • Resolution set to fixed
  • Status changed from new to closed

Text changed:

The scheme definition SHOULD include a clear Security Considerations
section (as with permanent scheme registrations<xref target='secguide'/>)
or explain why a full security analysis is not available (e.g., with
a third-party scheme registration).

comment:2 Changed 8 years ago by masinter@…

checking before submitting draft, I wound up rewriting this as:

The scheme definition SHOULD include a clear Security Considerations
(<xref target='secguide'/>) or explain why a full security

analysis is not available (e.g., in a third-party
scheme registration).

Note: See TracTickets for help on using tickets.