Re: [Ace] shepherd review of draft-ietf-ace-cbor-web-token-11

Mike Jones <Michael.Jones@microsoft.com> Fri, 02 February 2018 23:18 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Benjamin Kaduk <kaduk@mit.edu>, "ace@ietf.org" <ace@ietf.org>, "draft-ietf-ace-cbor-web-token@ietf.org" <draft-ietf-ace-cbor-web-token@ietf.org>
Date: Fri, 02 Feb 2018 23:18:00 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/S8OSw0LTDbOJ4i1eROnWMtF4Eg0>

Thanks for the detailed read, Ben.  Will do.

				-- Mike

-----Original Message-----
From: Benjamin Kaduk [mailto:kaduk@mit.edu] 
Sent: Friday, February 2, 2018 2:25 PM
To: ace@ietf.org; draft-ietf-ace-cbor-web-token@ietf.org
Subject: shepherd review of draft-ietf-ace-cbor-web-token-11

Hi all,

We're getting ready to send this to Kathleen for processing (hopefully to finish before her term as AD does!), but there are a few nits that should be fixed with a new rev before we actually push the button.

We currently have an informational reference to RFC 5226, which has since been replaced by RFC 8126; we should update our citation to the newer document with guidelines for writing IANA considerations.

In section 9.1 the second paragraph says that the values are registered on a "Specification Required" basis, but we have some ranges that are just "Expert Review".  So I think this text should say "Expert Review" instead (with some of the guidance to the experts being that certain subranges have additional requirements).

We also note that the Experts should consider "whether it is useful only for a single application", and it's not entirely clear to me what the result of that consideration should be.  Is only being useful for a single application supposed to be grounds for rejecting a registration?  (That doesn't seem necessarily true, for the Expert Review range.)  Or is that just a factor for whether "nice-looking" names should be allowed for them?  Or something else?

In section 9.4, we attempt to register a value from the CBOR Tag registry; however, the template in RFC 7049 includes a "description of semantics" field, and not the "reference" field that we provide.

Finally, in the acknowledgments, we can ask the RFC Editor to use the non-ASCII "Gőran" if he so desires.  (Last I heard the tooling isn't there to use non-ASCII for internet drafts yet, though.)

Authors, will you be able to prepare a new version with these changes?

Thanks,

Ben