Re: [Ace] Mirja Kühlewind's No Objection on draft-ietf-ace-cwt-proof-of-possession-09: (with COMMENT)

Mike Jones <Michael.Jones@microsoft.com> Thu, 31 October 2019 14:49 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Benjamin Kaduk <kaduk@mit.edu>, Mirja Kuehlewind <ietf@kuehlewind.net>
CC: "Roman D. Danyliw" <rdd@cert.org>, "ace-chairs@ietf.org" <ace-chairs@ietf.org>, The IESG <iesg@ietf.org>, "ace@ietf.org" <ace@ietf.org>, "draft-ietf-ace-cwt-proof-of-possession@ietf.org" <draft-ietf-ace-cwt-proof-of-possession@ietf.org>, Barry Leiba <barryleiba@computer.org>
Date: Thu, 31 Oct 2019 14:49:06 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/3BCeQX1IEEY87AJ58XpLTHMeJ8E>

Per the decision on the telechat, I have published -11, which removes the IESG appeal language in favor of direct appeal to the IESG.  See https://tools.ietf.org/html/draft-ietf-ace-cwt-proof-of-possession-11#section-7.

Please update the document status accordingly.

				Thank you,
				-- Mike

-----Original Message-----
From: Mike Jones
Sent: Wednesday, October 30, 2019 5:48 PM
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Roman D. Danyliw <rdd@cert.org>; ace-chairs@ietf.org; Mirja Kuehlewind <ietf@kuehlewind.net>; The IESG <iesg@ietf.org>; ace@ietf.org; draft-ietf-ace-cwt-proof-of-possession@ietf.org; Barry Leiba <barryleiba@computer.org>
Subject: RE: [Ace] Mirja Kühlewind's No Objection on draft-ietf-ace-cwt-proof-of-possession-09: (with COMMENT)

Thanks for the clarification, Ben.  I'm fine with this going either way (appeal to IESG or appeal to IANA).  Just drop me a note after the issue is discussed on the telechat and I'll turn around a new draft right away tomorrow, if requested.

				Later,
				-- Mike

-----Original Message-----
From: Ace <ace-bounces@ietf.org> On Behalf Of Benjamin Kaduk
Sent: Wednesday, October 30, 2019 5:29 PM
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: Roman D. Danyliw <rdd@cert.org>; ace-chairs@ietf.org; Mirja Kuehlewind <ietf@kuehlewind.net>; The IESG <iesg@ietf.org>; ace@ietf.org; draft-ietf-ace-cwt-proof-of-possession@ietf.org; Barry Leiba <barryleiba@computer.org>
Subject: Re: [Ace] Mirja Kühlewind's No Objection on draft-ietf-ace-cwt-proof-of-possession-09: (with COMMENT)

Just to be clear, IANA raising the issue to the IESG is described in Section 5.3 of RFC 8126, which would be the default expectations if an individual document/registry did not give other instructions.

-Ben

On Thu, Oct 31, 2019 at 12:13:58AM +0000, Mike Jones wrote:
> I'm in the process of creating -10, which addresses the IESG comments other than Mirja's.  I'm reluctant to change the registration instructions, as they are currently identical to those for CWTs (and many other specifications going back to at least RFC 6749, modulo the name of the mailing list).  That said, if the IESG *really* wants to change the party to appeal to in the case of non-action from the Designated Experts from the IESG to IANA, I'm amenable to also making that change tomorrow, immediately following the telechat, so we can send the spec on to the RFC Editor.  Let me know what you decide.
> 
> 				Thanks again,
> 				-- Mike
> 
> -----Original Message-----
> From: Barry Leiba <barryleiba@computer.org>
> Sent: Monday, October 28, 2019 2:00 PM
> To: Mike Jones <Michael.Jones@microsoft.com>
> Cc: Mirja Kuehlewind <ietf@kuehlewind.net>; Benjamin Kaduk
> <kaduk@mit.edu>; Roman D. Danyliw <rdd@cert.org>; ace-chairs@ietf.org;
> The IESG <iesg@ietf.org>; ace@ietf.org;
> draft-ietf-ace-cwt-proof-of-possession@ietf.org
> Subject: Re: [Ace] Mirja Kühlewind's No Objection on
> draft-ietf-ace-cwt-proof-of-possession-09: (with COMMENT)
> 
> The issue isn't using a mailing list.  The issue is the instructions to IANA about how to do management and tracking, stuff that they do just fine without working groups trying -- with all good intentions -- to tell them how.
> 
> The fact that there are a lot of RFCs that do it just says that working groups do this frequently, and most ADs don't notice or don't care.  And the reality is that IANA will manage the registration process how they do it, accommodating reasonable special instructions when they can.  The point is that documents shouldn't be giving special instructions unless there really is something special needed for a particular reason.
> 
> Barry
> 
> On Mon, Oct 28, 2019 at 12:19 PM Mike Jones <Michael.Jones@microsoft.com> wrote:
> >
> > The practice of using a mailing list for registration requests to enable public visibility of them goes back at least to .well-known URI registrations https://tools.ietf.org/html/rfc5785 by Mark Nottingham in April 2010.  OAuth 2.0 followed this practice in RFC 6749, as did the JOSE specs and JWT in RFCs 7515-19.  The rest is history, as they say.
> >
> >                                 -- Mike
> >
> > -----Original Message-----
> > From: Mirja Kuehlewind <ietf@kuehlewind.net>
> > Sent: Monday, October 28, 2019 8:54 AM
> > To: Benjamin Kaduk <kaduk@mit.edu>
> > Cc: Barry Leiba <barryleiba@computer.org>; Roman D. Danyliw
> > <rdd@cert.org>; ace-chairs@ietf.org; The IESG <iesg@ietf.org>;
> > ace@ietf.org; draft-ietf-ace-cwt-proof-of-possession@ietf.org
> > Subject: Re: [Ace] Mirja Kühlewind's No Objection on
> > draft-ietf-ace-cwt-proof-of-possession-09: (with COMMENT)
> >
> > These are all quite recent examples, so maybe the procedures are changing at the moment. I guess we as the IESG should be aware and figure out what the right procedure actually should be here.
> >
> > > On 28. Oct 2019, at 16:31, Benjamin Kaduk <kaduk@mit.edu> wrote:
> > >
> > > On Fri, Oct 25, 2019 at 12:31:42PM -0400, Barry Leiba wrote:
> > >> Yeh, it's very common for authors to try to tell IANA how to 
> > >> handle registrations, and I often push back on that as inappropriate.
> > >> There are certainly special conditions that IANA should be told 
> > >> about, but this is standard work-flow management stuff that ought 
> > >> to be left to IANA.  I do think it should be changed before this 
> > >> is published, probably just removing that last sentence.
> > >
> > > While I'm not opposed to normalizing on a default procedure, I 
> > > think the authors were just trying to follow existing examples.
> > >
> > > RFC 7519:
> > >
> > >   Values are registered on a Specification Required [RFC5226] basis
> > >   after a three-week review period on the jwt-reg-review@ietf.org
> > >   mailing list, on the advice of one or more Designated Experts.
> > >   However, to allow for the allocation of values prior to publication,
> > >   the Designated Experts may approve registration once they are
> > >   satisfied that such a specification will be published.
> > >
> > >   Registration requests sent to the mailing list for review should use
> > >   an appropriate subject (e.g., "Request to register claim: example").
> > >
> > >   Within the review period, the Designated Experts will either approve
> > >   or deny the registration request, communicating this decision to the
> > >   review list and IANA.  Denials should include an explanation and, if
> > >   applicable, suggestions as to how to make the request successful.
> > >   Registration requests that are undetermined for a period longer than
> > >   21 days can be brought to the IESG's attention (using the
> > >   iesg@ietf.org mailing list) for resolution.
> > >
> > > RFC 8414:
> > >
> > >   Values are registered on a Specification Required [RFC8126] basis
> > >   after a two-week review period on the oauth-ext-review@ietf.org
> > >   mailing list, on the advice of one or more Designated Experts.
> > >   However, to allow for the allocation of values prior to publication,
> > >   the Designated Experts may approve registration once they are
> > >   satisfied that such a specification will be published.
> > >
> > >   Registration requests sent to the mailing list for review should use
> > >   an appropriate subject (e.g., "Request to register OAuth
> > >   Authorization Server Metadata: example").
> > >
> > >   Within the review period, the Designated Experts will either approve
> > >   or deny the registration request, communicating this decision to the
> > >   review list and IANA.  Denials should include an explanation and, if
> > >   applicable, suggestions as to how to make the request successful.
> > >   Registration requests that are undetermined for a period longer than
> > >   21 days can be brought to the IESG's attention (using the
> > >   iesg@ietf.org mailing list) for resolution.
> > >
> > > RFC 8447:
> > >
> > >   Specification Required [RFC8126] registry requests are registered
> > >   after a three-week review period on the <tls-reg-review@ietf.org>
> > >   mailing list, on the advice of one or more designated experts.
> > >   However, to allow for the allocation of values prior to publication,
> > >   the designated experts may approve registration once they are
> > >   satisfied that such a specification will be published.
> > >
> > >   Registration requests sent to the mailing list for review SHOULD use
> > >   an appropriate subject (e.g., "Request to register value in TLS bar
> > >   registry").
> > >
> > >   Within the review period, the designated experts will either approve
> > >   or deny the registration request, communicating this decision to the
> > >   review list and IANA.  Denials SHOULD include an explanation and, if
> > >   applicable, suggestions as to how to make the request successful.
> > >   Registration requests that are undetermined for a period longer than
> > >   21 days can be brought to the IESG's attention (using the
> > >   <iesg@ietf.org> mailing list) for resolution.
> > >
> > > [I stopped looking here]
> > >
> > > So if we're going to change things around, maybe we should issue 
> > > an IESG statement.
> > >
> > > -Ben
> > >
> > >
> >
