OK, Jasdip.
Mario
Il 09/11/2021 14:59, Jasdip Singh ha scritto:
Mario,
*From: *regext <regext-boun...@ietf.org> on behalf of Mario Loffredo
<mario.loffr...@iit.cnr.it>
*Date: *Tuesday, November 9, 2021 at 7:46 AM
*To: *"regext@ietf.org" <regext@ietf.org>
*Subject: *[regext] Fwd: RDAP JSContact feedback
*7. Security Considerations*
“The only mandatory property, namely "uid", is usually an
opaque string.”
Do we need to clarify further here, given “uid” would be a
non-opaque handle in jscard?
[ML] Sorry but I didn't catch this. Did you mean that "uid" in
jscard could disclose some sensitive contact information?
[JS] That’s an interesting question. In contrast with a UUID for a
“uid”, a handle might disclose. But, I was simply reacting to the
“usually an opaque string” phrase given we have a SHOULD for “uid”
being a handle. Meaning, in our case, it would more likely be a
handle (less opaque) than a UUID (more opaque).
[ML] UUID is not the only value accepetd for "uid" in JSContact (see
https://datatracker.ietf.org/doc/html/draft-ietf-jmap-jscontact-08#section-2.1.2
<https://datatracker.ietf.org/doc/html/draft-ietf-jmap-jscontact-08#section-2.1.2>),
both URI and free-form text are accepted.
Maybe opaque is not the right term. I'll rearrange the sentence to
mean that the only required property in JSContact is not a sensitive
information as it happens with fn for jCard.
[JS] Yes, that’ll clarify.
Thanks,
Jasdip
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
--
Dr. Mario Loffredo
Technological Unit “Digital Innovation”
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
