--- 1/draft-ietf-calext-extensions-03.txt 2016-06-29 07:16:00.428361811 -0700 +++ 2/draft-ietf-calext-extensions-04.txt 2016-06-29 07:16:00.472362920 -0700 @@ -1,18 +1,19 @@ Network Working Group C. Daboo Internet-Draft Apple Inc. -Intended status: Standards Track June 3, 2016 -Expires: December 5, 2016 +Updates: 5545 (if approved) June 28, 2016 +Intended status: Standards Track +Expires: December 30, 2016 New Properties for iCalendar - draft-ietf-calext-extensions-03 + draft-ietf-calext-extensions-04 Abstract This document defines a set of new properties for iCalendar data as well as extending the use of some existing properties to the entire iCalendar object. Status of This Memo This Internet-Draft is submitted in full conformance with the @@ -21,21 +22,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on December 5, 2016. + This Internet-Draft will expire on December 30, 2016. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -62,32 +63,33 @@ 5.8. SOURCE Property . . . . . . . . . . . . . . . . . . . . . 9 5.9. COLOR Property . . . . . . . . . . . . . . . . . . . . . 9 5.10. IMAGE Property . . . . . . . . . . . . . . . . . . . . . 10 5.11. CONFERENCE Property . . . . . . . . . . . . . . . . . . . 12 6. Property Parameters . . . . . . . . . . . . . . . . . . . . . 13 6.1. DISPLAY Property Parameter . . . . . . . . . . . . . . . 13 6.2. EMAIL Property Parameter . . . . . . . . . . . . . . . . 14 6.3. FEATURE Property Parameter . . . . . . . . . . . . . . . 15 6.4. LABEL Property Parameter . . . . . . . . . . . . . . . . 16 7. Security Considerations . . . . . . . . . . . . . . . . . . . 16 - 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 - 8.1. Property Registrations . . . . . . . . . . . . . . . . . 17 - 8.2. Parameter Registrations . . . . . . . . . . . . . . . . . 17 - 8.3. Display Types Registry . . . . . . . . . . . . . . . . . 18 - 8.4. Feature Types Registry . . . . . . . . . . . . . . . . . 18 - 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18 - 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 18 - 10.1. Normative References . . . . . . . . . . . . . . . . . . 18 - 10.2. Informative References . . . . . . . . . . . . . . . . . 19 + 8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 17 + 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 + 9.1. Property Registrations . . . . . . . . . . . . . . . . . 17 + 9.2. Parameter Registrations . . . . . . . . . . . . . . . . . 18 + 9.3. Display Types Registry . . . . . . . . . . . . . . . . . 18 + 9.4. Feature Types Registry . . . . . . . . . . . . . . . . . 19 + 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 19 + 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 + 11.1. Normative References . . . . . . . . . . . . . . . . . . 19 + 11.2. Informative References . . . . . . . . . . . . . . . . . 20 Appendix A. Change History (To be removed by RFC Editor before - publication) . . . . . . . . . . . . . . . . . . . . 19 - Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 22 + publication) . . . . . . . . . . . . . . . . . . . . 20 + Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 23 1. Introduction The iCalendar [RFC5545] data format is used to represent calendar data and is used with iTIP [RFC5546] to handle scheduling operations between calendar users. iCalendar is in widespread use, and in accordance with provisions in that specification, extension elements have been added by various vendors to the data format in order to support and enhance capabilities. This specification collects a number of these ad-hoc extensions and uses the new IANA registry @@ -157,49 +159,49 @@ eventprop =/ *( ; ; The following are OPTIONAL, ; but MUST NOT occur more than once. ; color / ; ; The following are OPTIONAL, ; and MAY occur more than once. ; - image + conference / image ; ) todoprop =/ *( ; ; The following are OPTIONAL, ; but MUST NOT occur more than once. ; color / ; ; The following are OPTIONAL, ; and MAY occur more than once. ; - image + conference / image ; ) jourprop =/ *( ; ; The following are OPTIONAL, ; but MUST NOT occur more than once. ; color / ; ; The following are OPTIONAL, ; and MAY occur more than once. ; - image + conference / image ; ) 5. Properties 5.1. NAME Property Property Name: NAME Purpose: This property specifies the name of the calendar. @@ -241,80 +243,85 @@ ) Example: The following is an example of this property: NAME:Company Vacation Days 5.2. DESCRIPTION Property This specification modifies the definition of the "DESCRIPTION" property to allow it to be defined on an iCalendar object. The - following additions are made to the definition of this property. + following additions are made to the definition of this property, + originally specified in Section 3.8.1.5 of [RFC5545]. Purpose: This property specifies the description of the calendar. Conformance: This property can be specified multiple times in an iCalendar object. However, each property MUST represent the description of the calendar in a different language. Description: This property is used to specify a lengthy textual description of the iCalendar object that can be used by calendar user agents when describing the nature of the calendar data to a user. Whilst a calendar only has a single description, multiple language variants can be specified by including this property multiple times with different "LANGUAGE" parameter values on each. 5.3. UID Property This specification modifies the definition of the "UID" property to allow it to be defined on an iCalendar object. The following - additions are made to the definition of this property. + additions are made to the definition of this property, originally + specified in Section 3.8.4.7 of [RFC5545]. Purpose: This property specifies the persistent, globally unique identifier for the iCalendar object. This can be used, for example, to identify duplicate calendar streams that a client may have been given access to. It can be used in conjunction with the "LAST-MODIFIED" property also specified on the "VCALENDAR" object, to identify the most recent version of a calendar. Conformance: This property can be specified once in an iCalendar object. 5.4. LAST-MODIFIED Property This specification modifies the definition of the "LAST-MODIFIED" property to allow it to be defined on an iCalendar object. The - following additions are made to the definition of this property. + following additions are made to the definition of this property, + originally specified in Section 3.8.7.3 of [RFC5545]. Purpose: This property specifies the date and time that the information associated with the calendar was last revised. Conformance: This property can be specified once in an iCalendar object. 5.5. URL Property This specification modifies the definition of the "URL" property to allow it to be defined on an iCalendar object. The following - additions are made to the definition of this property. + additions are made to the definition of this property, originally + specified in Section 3.8.4.6 of [RFC5545]. Purpose: This property may be used to convey a location where a more dynamic rendition of the calendar information can be found. Conformance: This property can be specified once in an iCalendar object. 5.6. CATEGORIES Property This specification modifies the definition of the "CATEGORIES" property to allow it to be defined on an iCalendar object. The - following additions are made to the definition of this property. + following additions are made to the definition of this property, + originally specified in Section 3.8.1.2 of [RFC5545]. Purpose: This property defines the categories for an entire calendar. Conformance: This property can be specified multiple times in an iCalendar object. Description: When multiple properties are present, the set of categories that apply to the iCalendar object are the union of all the categories listed in each property value. @@ -612,21 +619,21 @@ ; ; Default is BADGE Description: This property parameter MAY be specified on "IMAGE" properties. In the absence of this parameter, the value "BADGE" MUST be used for the default behavior. The value determines how a client ought to present an image supplied in iCalendar data to the user. Values for this parameter are registered with IANA as per - Section 8.3. New values can be added to this registry following + Section 9.3. New values can be added to this registry following the procedure outlined in Section 8.2.1 of [RFC5545]. Servers and clients MUST handle x-name and iana-token values they don't recognize by not displaying any image at all. Example: IMAGE;VALUE=URI;DISPLAY=BADGE,THUMBNAIL;FMTTYPE=image/png:https://exa mple.com/images/weather-cloudy.png @@ -726,35 +733,69 @@ CONFERENCE;VALUE=URI;FEATURE=VIDEO; LABEL="Web video chat, access code=76543"; :https://video-chat.example.com/;group-id=1234 7. Security Considerations Several of the new properties or parameters defined by this specification allow reference to "external" URIs. Care MUST be taken when accessing data at external URIs as malicious content could be - present. In addition, access to those URIs could be tracked, leading - to loss of privacy. + present. Clients SHOULD ensure that suitable permission is granted + by calendar users before such URIs are dereferenced. + + The "REFRESH-INTERVAL" property could be used by an attacker to make + a client carry out rapid requests to the server hosting the calendar, + by specifying a very short duration (e.g., one second). This could + lead to resource consumption on the client or server, and denial-of- + service attacks against the server. Clients MUST ensure that they + throttle requests to the server to a reasonable rate. In most cases, + updating a public calendar once per day would suffice. If the + "REFRESH-INTERVAL" is any less than that, clients SHOULD warn the + calendar user and allow them to override it with a longer value. The "CONFERENCE" property can include a "FEATURE" property parameter with a "MODERATOR" value. In some cases the access code used by the owner/initiator of a conference might be private to an individual and clients and servers MUST ensure that such properties are not sent to attendees of a scheduled component, or sharees of a shared component. -8. IANA Considerations + Both the "COLOR" and "IMAGE" properties are likely to be used by + calendar users to express their own personal view of the calendar + data. In addition, these properties could be used by attackers to + produce a confusing display in a calendar user agent. When such + properties are encountered in calendar data that has come from other + calendar users (e.g., via a scheduling message, "public" calendar + subscription, shared calendar etc), it is advisable for the client to + give the receiving calendar user the option to remove (or adjust) + these properties as the data is imported into their calendar system. -8.1. Property Registrations + Security considerations in [RFC5545], and [RFC5546] MUST also be + adhered to. + +8. Privacy Considerations + + Several of the new properties or parameters defined by this + specification allow reference to "external" URIs. Access to those + URIs could be tracked, leading to loss of privacy. Clients SHOULD + ensure that suitable permission is granted by calendar users before + such URIs are dereferenced. + + Privacy considerations in [RFC5545], and [RFC5546] MUST also be + adhered to. + +9. IANA Considerations + +9.1. Property Registrations This document defines the following new iCalendar properties to be - added to the registry defined in Section 8.2.3 of [RFC5545]: + added to the registry defined in Section 8.3.2 of [RFC5545]: +------------------+---------+--------------------------------------+ | Property | Status | Reference | +------------------+---------+--------------------------------------+ | NAME | Current | RFCXXXX, Section 5.1 | | DESCRIPTION | Current | RFC5545 Section 3.8.1.5, RFCXXXX, | | | | Section 5.2 | | UID | Current | RFC5545 Section 3.8.4.7, RFCXXXX, | | | | Section 5.3 | | LAST-MODIFIED | Current | RFC5545 Section 3.8.7.3, RFCXXXX, | @@ -763,120 +804,132 @@ | | | Section 5.5 | | CATEGORIES | Current | RFC5545 Section 3.8.1.2, RFCXXXX, | | | | Section 5.6 | | REFRESH-INTERVAL | Current | RFCXXXX, Section 5.7 | | SOURCE | Current | RFCXXXX, Section 5.8 | | COLOR | Current | RFCXXXX, Section 5.9 | | IMAGE | Current | RFCXXXX, Section 5.10 | | CONFERENCE | Current | RFCXXXX, Section 5.11 | +------------------+---------+--------------------------------------+ -8.2. Parameter Registrations +9.2. Parameter Registrations This document defines the following new iCalendar property parameters - to be added to the registry defined in Section 8.2.4 of [RFC5545]: + to be added to the registry defined in Section 8.3.3 of [RFC5545]: +--------------------+---------+----------------------+ | Property Parameter | Status | Reference | +--------------------+---------+----------------------+ | DISPLAY | Current | RFCXXXX, Section 6.1 | | EMAIL | Current | RFCXXXX, Section 6.2 | | FEATURE | Current | RFCXXXX, Section 6.3 | | LABEL | Current | RFCXXXX, Section 6.4 | +--------------------+---------+----------------------+ -8.3. Display Types Registry +9.3. Display Types Registry This document defines the following new iCalendar value registry as per Section 8.2.6 of [RFC5545]: +--------------+---------+----------------------+ | Display Type | Status | Reference | +--------------+---------+----------------------+ | BADGE | Current | RFCXXXX, Section 6.1 | | GRAPHIC | Current | RFCXXXX, Section 6.1 | | FULLSIZE | Current | RFCXXXX, Section 6.1 | | THUMBNAIL | Current | RFCXXXX, Section 6.1 | +--------------+---------+----------------------+ -8.4. Feature Types Registry +9.4. Feature Types Registry This document defines the following new iCalendar value registry as per Section 8.2.6 of [RFC5545]: +--------------+---------+----------------------+ | Feature Type | Status | Reference | +--------------+---------+----------------------+ | AUDIO | Current | RFCXXXX, Section 6.3 | | CHAT | Current | RFCXXXX, Section 6.3 | | FEED | Current | RFCXXXX, Section 6.3 | | MODERATOR | Current | RFCXXXX, Section 6.3 | | PHONE | Current | RFCXXXX, Section 6.3 | | SCREEN | Current | RFCXXXX, Section 6.3 | | VIDEO | Current | RFCXXXX, Section 6.3 | +--------------+---------+----------------------+ -9. Acknowledgments +10. Acknowledgments Thanks to the following for feedback: Bernard Desruisseaux, Mike Douglass, Lucia Fedorova, Ken Murchison, Arnaud Quillaud, and Dave - Thewlis. This specification came about via discussions at the - Calendaring and Scheduling Consortium. + Thewlis. -10. References + This specification came about via discussions at the Calendaring and + Scheduling Consortium. -10.1. Normative References +11. References + +11.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/RFC5234, January 2008, . [RFC5545] Desruisseaux, B., Ed., "Internet Calendaring and Scheduling Core Object Specification (iCalendar)", RFC 5545, DOI 10.17487/RFC5545, September 2009, . + [RFC5546] Daboo, C., Ed., "iCalendar Transport-Independent + Interoperability Protocol (iTIP)", RFC 5546, + DOI 10.17487/RFC5546, December 2009, + . + [W3C.REC-css3-color-20110607] A‡elik, T., Lilley, C., and D. Baron, "CSS Color Module Level 3", World Wide Web Consortium Recommendation REC-css3-color-20110607, June 2011, . -10.2. Informative References +11.2. Informative References [RFC2397] Masinter, L., "The "data" URL scheme", RFC 2397, DOI 10.17487/RFC2397, August 1998, . [RFC3966] Schulzrinne, H., "The tel URI for Telephone Numbers", RFC 3966, DOI 10.17487/RFC3966, December 2004, . - [RFC5546] Daboo, C., Ed., "iCalendar Transport-Independent - Interoperability Protocol (iTIP)", RFC 5546, - DOI 10.17487/RFC5546, December 2009, - . - [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing", RFC 7230, DOI 10.17487/RFC7230, June 2014, . Appendix A. Change History (To be removed by RFC Editor before publication) + Changes in draft-ietf-calext-extensions-04: + + 1. SECDIR: Added new items to Security Considerations and added + Privacy Considerations. + + 2. SECDIR: fixed missing conference item in component ABNF + definitions. + + 3. SECDIR: editorial fixes. + Changes in draft-ietf-calext-extensions-03: 1. AD: fixed =/ ABNF syntax. 2. AD: added description for CATEGORIES. 3. AD: Removed extra / in image ABNF. 4. AD: Fixed VALUE=URI in image ABNF.