Closed tschaub closed 8 years ago
sthagen
commented
8 years ago @tschaub I am đ for merging the pull request, but seem to remember, we chose "external" consciously, as integrity and confidentiality are not an isolated transport problem to solve, but a gap less / consistent transport and storage problem to solve. But if it helps the process and the other authors are OK, we can merge IMO. What do the others think?
tschaub
commented
8 years ago Relevant bit from Melinda's email:
It may be appropriate, and provide additional clarity, to distinguish between protection of data in flight and data at rest (the IETF does not typically deal with protection of the latter).
sthagen
commented
8 years ago @tschaub: Yes đ - I read it in the mail, switched to the pull request here on github, and forgotten it was =( thanks for pulling that info also in here. Now I'd really like that to be merged.
tschaub
commented
8 years ago @sgillies - I also like the distinction, and the new language makes sense to me. So as long as others think "in flight" and "at rest" are sensible terms, and as long as IETF doesn't object to "at rest" considerations, I think this is good to go.
Should media-type/registration.md be kept in sync? I'm uncertain if it is used anywhere (and if "at rest" considerations are relevant there as well).
sgillies
commented
8 years ago @tschaub no, it doesn't need to be in sync. Related, we just got this from the IANA:
(BEGIN IANA COMMENTS)
IESG/Authors/WG Chairs:
IANA has completed its review of draft-ietf-geojson-03.txt. If any part of this review is inaccurate, please let us know.
IANA understands that, upon approval of this document, there is a single action which IANA must complete.
In the application media types subspace of the Media Types registry located at:
https://www.iana.org/assignments/media-types/
a single, new application media type will be added as follows:
Name: geo+json
Template: [ TBD-at-registration ]
Reference: [ RFC-to-be ]
IANA understands that this is the only action that needs to be completed upon approval of this document.
Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed.As Melissa noted in her mail "liking" the above higher detail grade, she suggested to eventually add There will be cases in which stored data need protection, which is out of scope for this document. which I personally like better than implicitly sparing this important aspect out. What do the others think? ... and in case we have a sufficient amount of "likes" who will add it to the pull request? Shall I or would eventually you @tschaub be so kind?
tschaub
commented
8 years ago Ok, I think the text in considerations.mkd should be changed to read:
If sensitive data requires privacy or integrity protection, those must be provided by the transport â for example TLS or HTTPS. There will be cases in which stored data need protection, which is out of scope for this document.
Does that sound good to others?
sthagen
commented
8 years ago :+1: and many thanks to @tschaub for amending the pull request.
chris-little
commented
8 years ago Tim and GeoJSONers,
Can I suggest âduring transmissionâ rather than âin flightâ, which is slightly colloquial and may not translate well to other languages.
Chris
From: Tim Schaub [mailto:notifications@github.com] Sent: Thursday, May 26, 2016 9:52 PM To: geojson/draft-geojson Subject: Re: [geojson/draft-geojson] Getting specific about protecting data in flight (#205)
@sgillieshttps://github.com/sgillies - I also like the distinction, and the new language makes sense to me. So as long as others think "in flight" and "at rest" are sensible terms, and as long as IETF doesn't object to "at rest" considerations, I think this is good to go.
Should media-type/registration.md be kept in sync? I'm uncertain if it is used anywhere (and if "at rest" considerations are relevant there as well).
â You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHubhttps://github.com/geojson/draft-geojson/pull/205#issuecomment-221990791
tschaub
commented
8 years ago Tim and GeoJSONers,
Can I suggest âduring transmissionâ rather than âin flightâ, which is slightly colloquial and may not translate well to other languages.
Thanks @chris-little. I agree that "in flight" is a bit colloquial. The current considerations.mkd text uses "transport" instead. Here it is excerpted:
If sensitive data requires privacy or integrity protection, those must be provided by the transport â for example TLS or HTTPS. There will be cases in which stored data need protection, which is out of scope for this document.
chris-little
commented
8 years ago Tim,
Thanks. That is fine. I will go back to Lurking and learning about GitHub.
Chris
From: Tim Schaub [mailto:notifications@github.com] Sent: Tuesday, May 31, 2016 6:52 PM To: geojson/draft-geojson Cc: Little, Chris; Mention Subject: Re: [geojson/draft-geojson] Getting specific about protecting data in flight (#205)
Tim and GeoJSONers,
Can I suggest âduring transmissionâ rather than âin flightâ, which is slightly colloquial and may not translate well to other languages.
Thanks @chris-littlehttps://github.com/chris-little. I agree that "in flight" is a bit colloquial. The current considerations.mkd text uses "transport" instead. Here it is excerpted:
If sensitive data requires privacy or integrity protection, those must be provided by the transport â for example TLS or HTTPS. There will be cases in which stored data need protection, which is out of scope for this document.
â You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/geojson/draft-geojson/pull/205#issuecomment-222767011, or mute the threadhttps://github.com/notifications/unsubscribe/ABlrtRogf83hmnuSIbIRqsaqiL2DDJbgks5qHHVIgaJpZM4Inn9r.
This incorporates the comments on security considerations from Melinda Shore.