Benoit Claise
2016-11-03 12:02:56 UTC
Benoit Claise has entered the following ballot position for
draft-ietf-p2psip-share-09: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-p2psip-share/
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
Below is Rick Casarez's OPS DIR review:
Section 6.5:
"Since stored values could have been modified or invalidated prior to
their expiration, an accessing peer SHOULD use a Stat request to check
for updates prior to using the data cache"
When considering security, and how this works, I would recommend changing
this to MUST or advising that the lifetime be set very low. A stale ACL
could allow access were none should occur.
draft-ietf-p2psip-share-09: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-p2psip-share/
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
Below is Rick Casarez's OPS DIR review:
Section 6.5:
"Since stored values could have been modified or invalidated prior to
their expiration, an accessing peer SHOULD use a Stat request to check
for updates prior to using the data cache"
When considering security, and how this works, I would recommend changing
this to MUST or advising that the lifetime be set very low. A stale ACL
could allow access were none should occur.