Re: [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12
Dan Romascanu <dromasca@gmail.com> Tue, 27 February 2018 07:29 UTC
Return-Path: <dromasca@gmail.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD93F124BAC; Mon, 26 Feb 2018 23:29:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c4BU5UHDFlJ6; Mon, 26 Feb 2018 23:29:20 -0800 (PST)
Received: from mail-qt0-x22e.google.com (mail-qt0-x22e.google.com [IPv6:2607:f8b0:400d:c0d::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3874A1200B9; Mon, 26 Feb 2018 23:29:20 -0800 (PST)
Received: by mail-qt0-x22e.google.com with SMTP id t6so12533476qtn.9; Mon, 26 Feb 2018 23:29:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=gsBCsx8ZhZXlWAUEDN57sikvq/PwALt04wwA4cvsqDk=; b=ge/Od08JRuSiDkBtl90GcsADpZsZr80pHvsXqkEz+jpxnMd13t7tn8d+HODoqkmhfq hLD9GwexuaalSd/uWHRSX6MZIivL6FLSoen3T10X/OQ6Ckdiec9cxDC6Xq1oL+EAbR1c qyFBhB7hSOK+6vQKn647XI/y5Bj77ItRT7A3EgzvUVUxdw/dagHPYoAOQmabi2YxhGSv 70gdl2Znls8295a+K1R3ioqMkgSm8pialFaeyXqXE8UyjyUcgR6iaa/nni73BOfw6hXw 9Pxi6jvGde7WNWSeeprRajS+dsMoef1JTUB6DrTPaDcOsuv5ByFS+3rLHcVAv46uieiX H6Sw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=gsBCsx8ZhZXlWAUEDN57sikvq/PwALt04wwA4cvsqDk=; b=Qe06lSqOahbz0GVxX+OASE0oNuuu0kwjHsjkU2j+b/flrRUrhmsQoSaftvuky+FXJq 8BDNxBNb5TC5xPWX+VzV8v+EjjQzukJAHAI382RXr5HvjwP95f5LksSR/QPf6dSAMfa+ 9O9MdoOvnFMqUSr/8lbMZsCrcMxsYQMVE+o1fHlKs1NiDlGsyQGP4SAyUqjkIQb7ufCR 8YVKlrchZW/xRrunr89sc35Iob5OHJ4Wpxr3bIN8XfAm4+cYc3iRBs8QNyUFlOSCHlNs 5BlzO+dSlZNtx4jGSHdeRhdWEfrhnNRviUpAeHMTbtShmY6BK59Q1W8FcHUKwSSXwJA+ hBug==
X-Gm-Message-State: APf1xPDat5K7ByJIm3AdZdecDpFBfS8C1icb+m4cM6iCoSB8vu84j0Ot Mj9eqrQ2tEgsd/Xy8avZE+20U5n0vgTjSZu5mRY=
X-Google-Smtp-Source: AG47ELuQ37JBa5/y44MAIjLSRLrBsz6pBxqyFPHjGnmMM42qp2bp6TNUS+DBwtDIEGlnZB9RX8HbKZLGXLvKWzjsLEU=
X-Received: by 10.200.66.78 with SMTP id r14mr22555381qtm.49.1519716559305; Mon, 26 Feb 2018 23:29:19 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.23.200 with HTTP; Mon, 26 Feb 2018 23:29:18 -0800 (PST)
In-Reply-To: <CAFgnS4V_Mg4k8AVqz6j0yeR_g7sWqQwrWSTnOw0Z2h-Dqy37xw@mail.gmail.com>
References: <151967178760.21771.14005895812023525211@ietfa.amsl.com> <021201d3af3e$1f204cc0$5d60e640$@augustcellars.com> <CAFgnS4USoaMrDSbvOZj4Pwg3DprMNNxrHoPn+DK-YjVNB-Jrog@mail.gmail.com> <022401d3af4b$69813600$3c83a200$@augustcellars.com> <CAFgnS4V_Mg4k8AVqz6j0yeR_g7sWqQwrWSTnOw0Z2h-Dqy37xw@mail.gmail.com>
From: Dan Romascanu <dromasca@gmail.com>
Date: Tue, 27 Feb 2018 09:29:18 +0200
Message-ID: <CAFgnS4X76651+fY6Rp_ygv-MZGkAH6XUkCkCr2asxREy2CuHUQ@mail.gmail.com>
To: Jim Schaad <ietf@augustcellars.com>
Cc: gen-art <gen-art@ietf.org>, ace@ietf.org, ietf <ietf@ietf.org>, draft-ietf-ace-cbor-web-token.all@ietf.org
Content-Type: multipart/alternative; boundary="f4f5e8065d68ad414b05662c9501"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/tgWlan8zrds0p8GpTPfbuQk3jG8>
Subject: Re: [Ace] Genart telechat review of draft-ietf-ace-cbor-web-token-12
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Feb 2018 07:29:23 -0000
Hi Jim, See also Section 4.12 in RFC 8126 for the use of multiple policies in combination. I believe that what the document tries to say is: Register R is divided into four different ranges R1, R2, R3, R4 (defining the value limits may be useful) Values in range R1 are allocated according to policy P1 in the case that ... Values in range R2 are allocated according to policy P2 in the case that ... Values in range R3 are allocated according to policy P3 in the case that ... Values in range R4 are allocated according to policy P4 in the case that ... Regards, Dan On Tue, Feb 27, 2018 at 8:44 AM, Dan Romascanu <dromasca@gmail.com> wrote: > > > On Mon, Feb 26, 2018 at 11:47 PM, Jim Schaad <ietf@augustcellars.com> > wrote: > >> >> >> >> >> *From:* Dan Romascanu [mailto:dromasca@gmail.com] >> *Sent:* Monday, February 26, 2018 1:19 PM >> *To:* Jim Schaad <ietf@augustcellars.com> >> *Cc:* gen-art <gen-art@ietf.org>; ace@ietf.org; ietf <ietf@ietf.org>; >> draft-ietf-ace-cbor-web-token.all@ietf.org >> *Subject:* Re: Genart telechat review of draft-ietf-ace-cbor-web-token-12 >> >> >> >> Hi Jim, >> >> Thank you for your answer and for addressing my comments. >> >> On item #2: >> >> >> >> On Mon, Feb 26, 2018 at 10:12 PM, Jim Schaad <ietf@augustcellars.com> >> wrote: >> >> >> >> > -----Original Message----- >> > From: Dan Romascanu [mailto:dromasca@gmail.com] >> > >> >> >> >> ... >> >> > >> > 2. I am a little confused by the definition of policies in Section 9.1: >> > >> > Depending upon the values being requested, registration requests are >> > evaluated on a Standards Track Required, Specification Required, >> > Expert Review, or Private Use basis [RFC8126] after a three-week >> > review period on the cwt-reg-review@ietf.org mailing list, on the >> > advice of one or more Designated Experts. >> > >> > How does this work? The request is forwarded to the designated expert, >> > he/she make a recommendation concerning the policy on the mail list, and >> > depending on the feedback received a policy is selected? Who establishes >> > consensus? >> > >> > Frankly, I wonder if this can work at all. Are there other examples of >> four >> > different policies for the same registry, applied on a case-to-case >> basis? >> >> This is the same approach that is being used for the COSE registries. As >> an example, you can look at https://www.iana.org/assignmen >> ts/cose/cose.xhtml#algorithms. >> >> Part of the issue about this is that the JOSE/JWT registries do have the >> same different policies, but that differences are hidden from the IANA >> registry. Since they allow for a URI to be used as the identifier of a >> field, only the plain text versions are registered. Thus I can use " >> http://augustcellars.com/JWT/My_Tag" as an identifier. Since for CBOR >> the set of tag values is closed and does not have this escape (nor would >> one want the length of the tag) it is necessary to have this break down of >> tag fields. >> >> >> >> >> This does not seem to be exactly the same approach. The COSE RFC 8152 >> defines the registry policy in a different manner. There is only one policy >> that is proposed 'Expert Review' and than the Expert Review Instructions >> are used to define the cases when a Standards Track specification is >> required. No such text exists in the current I-D. There is no separation of >> the values space in the registry according to the type of assignment here, >> as in RFC 8152. >> >> >> >> [JLS] The policies look to be the same to me, but I may be missing >> something that you are seeing.. Remember that Specification Required >> implies Expert review. >> >> >> >> Hi Jim, > > You seem to miss the exact definition of policies. Please see RFC 8126, > Section 4. Expert Review and Specification Required are two different > policies, even if one implies the other. Your document defines multiple > policies for the same registry, without making clear which is to be used > and when. This is unusual. > > Regards, > > Dan > > > >
- [Ace] Genart telechat review of draft-ietf-ace-cb… Dan Romascanu
- Re: [Ace] Genart telechat review of draft-ietf-ac… Jim Schaad
- Re: [Ace] Genart telechat review of draft-ietf-ac… Dan Romascanu
- Re: [Ace] Genart telechat review of draft-ietf-ac… Jim Schaad
- Re: [Ace] Genart telechat review of draft-ietf-ac… Benjamin Kaduk
- Re: [Ace] Genart telechat review of draft-ietf-ac… Benjamin Kaduk
- Re: [Ace] Genart telechat review of draft-ietf-ac… Dan Romascanu
- Re: [Ace] Genart telechat review of draft-ietf-ac… Dan Romascanu
- Re: [Ace] Genart telechat review of draft-ietf-ac… Dan Romascanu
- Re: [Ace] Genart telechat review of draft-ietf-ac… Benjamin Kaduk
- Re: [Ace] Genart telechat review of draft-ietf-ac… Jim Schaad
- Re: [Ace] Genart telechat review of draft-ietf-ac… Mike Jones
- Re: [Ace] Genart telechat review of draft-ietf-ac… Dan Romascanu
- Re: [Ace] Genart telechat review of draft-ietf-ac… Mike Jones
- Re: [Ace] Genart telechat review of draft-ietf-ac… Jim Schaad
- Re: [Ace] Genart telechat review of draft-ietf-ac… Dan Romascanu
- Re: [Ace] Genart telechat review of draft-ietf-ac… Mike Jones
- Re: [Ace] [Gen-art] Genart telechat review of dra… Alissa Cooper