IETF Logo Mail Archive

Re: [art] Fwd: New Version Notification for draft-nottingham-how-did-that-get-into-the-repo-00.txt

"Manger, James" <James.H.Manger@team.telstra.com> Thu, 16 August 2018 07:36 UTC

Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46447130EED for <art@ietfa.amsl.com>; Thu, 16 Aug 2018 00:36:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.609
X-Spam-Level:
X-Spam-Status: No, score=-2.609 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=teamtelstra.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jd3QpITPt2cS for <art@ietfa.amsl.com>; Thu, 16 Aug 2018 00:36:08 -0700 (PDT)
Received: from ipxcvo.tcif.telstra.com.au (ipxcvo.tcif.telstra.com.au [203.35.135.208]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35C73130E74 for <art@ietf.org>; Thu, 16 Aug 2018 00:36:07 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.53,246,1531749600"; d="scan'208,217";a="139258363"
X-Amp-Result: SKIPPED(no attachment in message)
Received: from unknown (HELO ipcbvi.tcif.telstra.com.au) ([10.97.217.204]) by ipocvi.tcif.telstra.com.au with ESMTP; 16 Aug 2018 17:36:03 +1000
Received: from wsmsg3753.srv.dir.telstra.com ([172.49.40.174]) by ipcbvi.tcif.telstra.com.au with ESMTP; 16 Aug 2018 17:36:03 +1000
Received: from wsapp5585.srv.dir.telstra.com (10.75.3.67) by WSMSG3753.srv.dir.telstra.com (172.49.40.174) with Microsoft SMTP Server (TLS) id 8.3.485.1; Thu, 16 Aug 2018 17:35:53 +1000
Received: from wsapp5584.srv.dir.telstra.com (10.75.131.20) by wsapp5585.srv.dir.telstra.com (10.75.3.67) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 16 Aug 2018 17:27:28 +1000
Received: from AUS01-SY3-obe.outbound.protection.outlook.com (10.172.229.125) by wsapp5584.srv.dir.telstra.com (10.75.131.20) with Microsoft SMTP Server (TLS) id 15.0.1320.4 via Frontend Transport; Thu, 16 Aug 2018 17:27:28 +1000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=teamtelstra.onmicrosoft.com; s=selector1-team-telstra-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=u9XADT3zcqwgDWhAOzF/tVonU7FSqbivPBu4gl4N02I=; b=owmEaVCoXHlqNlhOv6JMuj0SLprfzT7hn6dj0C6+GKrxHD+uxqPX2NiUD1U2Z8J7QMJ3o3bws+q3vcELneSsNmn0bqOl8VqJUBRKrGeNesEoqUbtv8NDWkAJH+kLt5BpaNSl0xjfEtNM4IxSKUghRut/V/h7djtg6+W960eriw8=
Received: from MEAPR01MB3542.ausprd01.prod.outlook.com (52.134.216.9) by MEAPR01MB3511.ausprd01.prod.outlook.com (52.134.215.208) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1059.19; Thu, 16 Aug 2018 07:27:27 +0000
Received: from MEAPR01MB3542.ausprd01.prod.outlook.com ([fe80::f19a:6df1:9f8d:e8f1]) by MEAPR01MB3542.ausprd01.prod.outlook.com ([fe80::f19a:6df1:9f8d:e8f1%3]) with mapi id 15.20.1059.017; Thu, 16 Aug 2018 07:27:27 +0000
From: "Manger, James" <James.H.Manger@team.telstra.com>
To: Mark Nottingham <mnot@mnot.net>, Applications and Real-Time Area Discussion <art@ietf.org>
Thread-Topic: [art] Fwd: New Version Notification for draft-nottingham-how-did-that-get-into-the-repo-00.txt
Thread-Index: AQHUNSInS4QXyYjet0W6gSf5PkQMHaTB38Bg
Date: Thu, 16 Aug 2018 07:27:27 +0000
Message-ID: <MEAPR01MB354265F31B3D44632382F9ABE53E0@MEAPR01MB3542.ausprd01.prod.outlook.com>
References: <153439723413.3044.13789923949547859272.idtracker@ietfa.amsl.com> <1AA1057E-4422-4D0B-A8A3-354891F31889@mnot.net>
In-Reply-To: <1AA1057E-4422-4D0B-A8A3-354891F31889@mnot.net>
Accept-Language: en-AU, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 10.0.500.19
dlp-reaction: no-action
x-originating-ip: [203.35.185.253]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; MEAPR01MB3511; 6:8TEQomYyhGrhUQ/O481Y9uslHIVexWVUaABLUQwkmWdhFSnEYJf6xvIOsA3KijGZLr7HFE3M0kUzBPcirPI9TCxWslR9uRUs4P4vMIMKUZOdMUuIKPjLROt02qIMB4j1rhDg+Y5GlbSDTMtz8B6ow1ki1uyPMfzv01jdSDTmQyd0B6UPkihzASlpHy+ZGmI287t1ciUFTbKkejFIKxjanSa86altOxcszCxriYBwlM0/7VHVCjHEReDYXacAHuui9WTkNMtgnzaPOAZSX2nK1RwPpmHw+NKV0+x49CEN2PzDF6y3BEnjBZ7zg7GriwHQHcQYjzPRg6Pp9YF0XF5W+oxfD57B5lEumMKUpPZMokcDqCl9yflyEk7t61sH6/e/MHQQgUXSgCYlS2wXQQFL4gzLj+KtK4ZRDmbCM1CoB7doOrbwNxxLucPMgt0dQoDhnC/wRenxEB1jdlcYObgNoQ==; 5:H06UyWUgVhNvx89+UsZwrwMkaVBVkWrzF51DTMgCGSi30eSti67VmaRX2QzJtEHTDKm5lb81nzF5EL4RRyda0Kzr8oeF8CCgvdBwtlJ41B5ijm+iqAlePtKQN0Xzr8ACisxTonUxkV8vey90zJ9apGjMwLj8LzJQabNRm+Jqh+k=; 7:FqB9g5zhNFP++4qY/hxMNDo9BBZuL3eRAipPy2DmwBAqYI0VJU2vA0o8HVDfzo1Nt1GsKrRGQmLTcu4WsCzzJmbszB3CDY8V20hK2hzixRlgI66mDK5/IxKANMQoWndCm37GAAwCgC2/joCxhCVXijOk5Zot9RRKfNbtQv8TFKaZzgMt1ASJANOKesdQg7Qd14O7L/cj9Nv9cFu4C5QsZxFmbCk8sNtqF0YFGX9RqUgWkJBDj/dkKwagpR+l6yJc
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 973bd72a-a8ec-470b-0543-08d60349b83e
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989137)(4534165)(4627221)(201703031133081)(201702281549075)(8990107)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:MEAPR01MB3511;
x-ms-traffictypediagnostic: MEAPR01MB3511:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=James.H.Manger@team.telstra.com;
x-microsoft-antispam-prvs: <MEAPR01MB3511E285315CF20E000A2311E53E0@MEAPR01MB3511.ausprd01.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(278428928389397)(120809045254105)(21748063052155);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(3002001)(10201501046)(3231311)(944501410)(52105095)(149027)(150027)(6041310)(20161123560045)(20161123558120)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(201708071742011)(7699016); SRVR:MEAPR01MB3511; BCL:0; PCL:0; RULEID:; SRVR:MEAPR01MB3511;
x-forefront-prvs: 07665BE9D1
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(366004)(376002)(346002)(39860400002)(136003)(396003)(189003)(199004)(69234005)(2420400007)(3846002)(790700001)(236005)(486006)(99286004)(9686003)(446003)(11346002)(6116002)(7696005)(476003)(14454004)(606006)(76176011)(54896002)(7110500001)(316002)(5250100002)(15650500001)(110136005)(14971765001)(6436002)(6246003)(7736002)(53386004)(2900100001)(229853002)(6306002)(55016002)(97736004)(25786009)(33656002)(105586002)(66066001)(478600001)(81166006)(8676002)(81156014)(256004)(14444005)(1680700002)(68736007)(26005)(186003)(53546011)(5660300001)(6506007)(102836004)(966005)(53936002)(2906002)(72206003)(74316002)(8936002)(86362001)(106356001)(10710500007); DIR:OUT; SFP:1102; SCL:1; SRVR:MEAPR01MB3511; H:MEAPR01MB3542.ausprd01.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:0;
received-spf: None (protection.outlook.com: team.telstra.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: X3EbNQvNEa6yo/T24QYj8Mhb8if8/jJtGl1dpVomdtqfu4yXf/9sklbRO7c3dQnokSkrs2OCKT0Q7FKoioBGX89TXNY0rj2u3ADyv3IPenlVPxR3jPltR0m/F3F6dqkW1wD7HwPnGY9Gw5pum9VnXAjf4xF4zKp4DWp60xxXH539YzpU8I/VJN7vHtsm5LQZiY5QrM/2ZNu8VQoxpFrIMoV/VoszQGa5OnkBSaefjMVU5b0/nA6L7k8WLRvZuEi0XOid293MsE/z9Tz9n4euPozQmtDtMU19K3Gg9CKnYxeIKtodLD94+6NNgmEiy6w7TU4Gj4nonnt88CXEg8PHDY0mjZFmygiQFKt/6Phbo88=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_MEAPR01MB354265F31B3D44632382F9ABE53E0MEAPR01MB3542ausp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 973bd72a-a8ec-470b-0543-08d60349b83e
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Aug 2018 07:27:27.7290 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 49dfc6a3-5fb7-49f4-adea-c54e725bb854
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MEAPR01MB3511
X-OriginatorOrg: team.telstra.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/gGgsE9rvzMabvR0IAGBTxqmyklw>
Subject: Re: [art] Fwd: New Version Notification for draft-nottingham-how-did-that-get-into-the-repo-00.txt
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Aug 2018 07:36:12 -0000

Your ABNF says a secret-token-URI can only use a 66-char alphabet, then text says other chars are allows as %-encodings. Shouldn't the ABNF explicitly show it allows %xx, or (better still) only allow the 66-char alphabet (so the example needs to change).

The scheme part of URIs is case-insensitive so I'm not sure you can say the URI string is matched "character-for-character, case-sensitive". An example that looks like hex, but supposed to be case-sensitive is not ideal.

--
James Manger

From: art [mailto:art-bounces@ietf.org] On Behalf Of Mark Nottingham
Sent: Thursday, 16 August 2018 3:29 PM
To: Applications and Real-Time Area Discussion <art@ietf.org>
Subject: [art] Fwd: New Version Notification for draft-nottingham-how-did-that-get-into-the-repo-00.txt

FYI, an idea to help prevent accidental disclosure of authentication tokens. Thoughts? I've circulated it some had had a generally positive response.

Prettier copy at:
  https://mnot.github.io/I-D/how-did-that-get-into-the-repo/

Cheers,




Begin forwarded message:

From: internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>
Subject: New Version Notification for draft-nottingham-how-did-that-get-into-the-repo-00.txt
Date: 16 August 2018 at 3:27:14 pm AEST
To: "Mark Nottingham" <mnot@mnot.net<mailto:mnot@mnot.net>>


A new version of I-D, draft-nottingham-how-did-that-get-into-the-repo-00.txt
has been successfully submitted by Mark Nottingham and posted to the
IETF repository.

Name:             draft-nottingham-how-did-that-get-into-the-repo
Revision:        00
Title:               The secret-token URI Scheme
Document date:          2018-08-16
Group:             Individual Submission
Pages:             5
URL:            https://www.ietf.org/internet-drafts/draft-nottingham-how-did-that-get-into-the-repo-00.txt
Status:         https://datatracker.ietf.org/doc/draft-nottingham-how-did-that-get-into-the-repo/
Htmlized:       https://tools.ietf.org/html/draft-nottingham-how-did-that-get-into-the-repo-00
Htmlized:       https://datatracker.ietf.org/doc/html/draft-nottingham-how-did-that-get-into-the-repo


Abstract:
  This document registers the "secret-token" URI scheme, to aid in the
  identification of authentication tokens.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org>.

The IETF Secretariat

--
Mark Nottingham   https://www.mnot.net/

v2.46.0 | Report a Bug | By Email | System Status