Re: [atoca] Next milestone

Brian Rosen <> Tue, 25 September 2012 17:30 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C374C21F881B for <>; Tue, 25 Sep 2012 10:30:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -101.274
X-Spam-Status: No, score=-101.274 tagged_above=-999 required=5 tests=[AWL=-2.325, BAYES_05=-1.11, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 2VWyFx8HvQt5 for <>; Tue, 25 Sep 2012 10:30:48 -0700 (PDT)
Received: from (unknown []) by (Postfix) with ESMTP id 24C9021F8448 for <>; Tue, 25 Sep 2012 10:30:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=default; h=To:References:Message-Id:Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version:Content-Type; bh=cgyR9cw8xg+A051aJhZrn4vDLZbyG+0ypi0kzTlSA68=; b=B/koJfSE+b7/o++PPnNHCsYQysX/FO571M/m6wPxkV0o/O9Kr8d3boYkU1XvwnvMD/wGvvwEUeCmO8gtAiY9xGit83IUdR2Nag3rBnlY1kRHIhAXpp4euFEPkAQEJH1d;
Received: from ([]:12495 helo=[]) by with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.77) (envelope-from <>) id 1TGYy6-0005Yg-VY; Tue, 25 Sep 2012 13:30:47 -0400
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 6.0 \(1486\))
From: Brian Rosen <>
In-Reply-To: <>
Date: Tue, 25 Sep 2012 13:30:46 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <>
To: Martin Thomson <>
X-Mailer: Apple Mail (2.1486)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
Subject: Re: [atoca] Next milestone
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion list for the IETF Authority-to-Citizen Alert \(atoca\) working group." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 25 Sep 2012 17:30:48 -0000

I think this draft is helpful, but I'm still not sure how it's going to fit in the scheme of things.
I guess I am unsure of how many wrappings there will be.

This has something to do with transport, and includes my concerns about automated geotargeting.

It would seem to me that we either have to extend or profile the current field in CAP to get what we want, or we need a wrapper that has some more standardized representation of area affected (something like PIDF-LO).  For example, how do you target "Allegheny County, PA, US"?  A text line?  With what syntax?  A polygon?

I like the idea of Alert-Tokens quite a bit (low cost filter on authenticity).   I'm still unsure about the details.

I do think we're having difficulty on the signature thing.  On the one hand, we have existence proof that the CAP mechanism works well enough.  On the other hand, we have the generic "dSig has problems, especially with respect to canonicalization" statements.   Somehow, we're talking past each other, and we need to find out why CAP users have not had the problems the nay sayers say they should be having.

On Sep 25, 2012, at 1:09 PM, Martin Thomson <> wrote:

> There isn't a lot of time before the Atlanta meeting.  These are our
> upcoming milestones:
> *1st*  Oct 2012 - Call for WG consensus on adopting a Secure Alerting
> Format draft into the WG
> *15th*  Oct 2012 - First WG draft of Secure Alerting Format
> We've had some discussion on draft-barnes-atoca-escape.
> From my reading of the discussion, these are the major issues with the draft:
> 1. The use of CMS duplicates the capabilities provided by CAP, which
> uses XML digital signature.
> 2. The usefulness of Alert Tokens.
> I'd like to hear what people feel would resolve these issues, or if
> these represent irreconcilable differences.
> _______________________________________________
> atoca mailing list