IETF Logo Mail Archive

[auth48] question - Re: AUTH48: RFC-to-be 9538 <draft-ietf-cdni-delegation-acme-04> for your review

Alice Russo <arusso@amsl.com> Thu, 08 February 2024 18:05 UTC

Return-Path: <arusso@amsl.com>
X-Original-To: auth48archive@ietfa.amsl.com
Delivered-To: auth48archive@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A776CC14F70A; Thu, 8 Feb 2024 10:05:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.208
X-Spam-Level:
X-Spam-Status: No, score=-4.208 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e0qSz85RdoKi; Thu, 8 Feb 2024 10:05:40 -0800 (PST)
Received: from c8a.amsl.com (c8a.amsl.com [4.31.198.40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA561C14F5F3; Thu, 8 Feb 2024 10:05:40 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by c8a.amsl.com (Postfix) with ESMTP id CC0F9424B455; Thu, 8 Feb 2024 10:05:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from c8a.amsl.com ([127.0.0.1]) by localhost (c8a.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id guEq2t8lTHaP; Thu, 8 Feb 2024 10:05:40 -0800 (PST)
Received: from smtpclient.apple (c-76-146-133-47.hsd1.wa.comcast.net [76.146.133.47]) by c8a.amsl.com (Postfix) with ESMTPSA id 68747424B427; Thu, 8 Feb 2024 10:05:40 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.1\))
From: Alice Russo <arusso@amsl.com>
In-Reply-To: <7b15b21d11cd47d7af60365e7b139e26@orange.com>
Date: Thu, 08 Feb 2024 10:05:39 -0800
Cc: "Mishra, Sanjay" <sanjay.mishra=40verizon.com@dmarc.ietf.org>, "cdni-ads@ietf.org" <cdni-ads@ietf.org>, "cdni-chairs@ietf.org" <cdni-chairs@ietf.org>, "kevin.j.ma.ietf@gmail.com" <kevin.j.ma.ietf@gmail.com>, "francesca.palombini@ericsson.com" <francesca.palombini@ericsson.com>, "rfc-editor@rfc-editor.org" <rfc-editor@rfc-editor.org>, auth48archive <auth48archive@rfc-editor.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <E8E4DF93-F575-4435-8C07-CFB06CEED3A2@amsl.com>
References: <20240123065751.D786E199610A@rfcpa.amsl.com> <7566767A-2661-462A-AE1B-2E225ACAA0D7@amsl.com> <CA+EbDtCSsAe6M=jW5NfXwpWkBPO2CLBuVmxFwM2ZB5sF+jXSGg@mail.gmail.com> <3DD85FCC-090F-4401-A6CF-640E966C749F@amsl.com> <CA+EbDtAnf19sMORx4L7mip4Qq-uPT4Vn4gFV37dbhRss-AJfQA@mail.gmail.com> <7b15b21d11cd47d7af60365e7b139e26@orange.com>
To: FIEAU Frédéric INNOV/NET <frederic.fieau@orange.com>, emile.stephan@orange.com, "Mishra, Sanjay" <sanjay.mishra@verizon.com>
X-Mailer: Apple Mail (2.3696.120.41.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/auth48archive/EWQNtg9HdyAR4biEBsyUaSq3G5w>
Subject: [auth48] question - Re: AUTH48: RFC-to-be 9538 <draft-ietf-cdni-delegation-acme-04> for your review
X-BeenThere: auth48archive@rfc-editor.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Archiving AUTH48 exchanges between the RFC Production Center, the authors, and other related parties" <auth48archive.rfc-editor.org>
List-Unsubscribe: <https://mailman.rfc-editor.org/mailman/options/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/auth48archive/>
List-Post: <mailto:auth48archive@rfc-editor.org>
List-Help: <mailto:auth48archive-request@rfc-editor.org?subject=help>
List-Subscribe: <https://mailman.rfc-editor.org/mailman/listinfo/auth48archive>, <mailto:auth48archive-request@rfc-editor.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Feb 2024 18:05:44 -0000

Authors,

Approvals are complete; however, we have a question regarding the SVG in Section 3:

The SVG has the width and height specified, which makes the artwork not scale. We suggest that scaling be enabled. Scaling will allow the figure to be resized when it is viewed on a mobile device; however, there may be aesthetic trade-offs (e.g., image may appear too large on a desktop screen). 

Please review Figure 1 in the HTML and PDF files and let us know if they may be updated.

The current document (SVG does not scale):
  https://www.rfc-editor.org/authors/rfc9538.html
  https://www.rfc-editor.org/authors/rfc9538.pdf
  https://www.rfc-editor.org/authors/rfc9538.xml (source)

vs. SVG without width and height:
  https://www.rfc-editor.org/authors/test9538.html  
  https://www.rfc-editor.org/authors/test9538.pdf 
  https://www.rfc-editor.org/authors/test9538.xml (source)

Thank you.
RFC Editor/ar

> On Feb 7, 2024, at 10:53 AM, emile.stephan@orange.com wrote:
> 
> Hi Alice
>  
> I hope you are well.
>  
> I approve to the 4 new wording suggested below.
>  
> Tell me if you expect a more detailed answer.
>  
> Kind regards
> Emile
>  
>  
>  
> From: Mishra, Sanjay <sanjay.mishra@verizon.com> 
> Sent: mercredi 7 février 2024 18:31
> To: Alice Russo <arusso@amsl.com>
> Cc: FIEAU Frédéric INNOV/NET <frederic.fieau@orange.com>; STEPHAN Emile INNOV/NET <emile.stephan@orange.com>; Mishra, Sanjay <sanjay.mishra=40verizon.com@dmarc.ietf.org>; cdni-ads@ietf.org; cdni-chairs@ietf.org; kevin.j.ma.ietf@gmail.com; francesca.palombini@ericsson.com; rfc-editor@rfc-editor.org; auth48archive <auth48archive@rfc-editor.org>
> Subject: Re: [E] Re: AUTH48: RFC-to-be 9538 <draft-ietf-cdni-delegation-acme-04> for your review
>  
> Hi Alice - Thank you and please see response below for the 4 questions:
>  
> 1) <!--[rfced] May this be rephrased as follows for readability?
> 
> Original:
>    RFC9115 allows delegating entities to remain in
>    full control of the delegation and be able to revoke it any time and
>    this avoids the need to share private cryptographic key material
>    between the involved entities.
> 
> Perhaps:
>    Per RFC 9115, delegating entities can remain in
>    full control of the delegation and can revoke it at any time.
>    This avoids the need to share private cryptographic key material
>    between the involved entities.
> -->
> Yes, I approve the new wording as suggested above
>  
> 
> 
> 2) <!--[rfced] FYI, in Section 1.1, we added mention of "STAR" so that it
> is expanded upon first use. Please let us know if you prefer otherwise.
> (In the original, the first use was in Section 3 - "ACME STAR delegation"
> was followed by explanation but was without a direct expansion.)
> 
> Original:
>    It also uses
>    terminology from Section 1.2 of [RFC8739] and Section 1.1 of
>    [RFC9115].
> 
> Current:
>    It also uses
>    terminology from Section 1.2 of [RFC8739] and Section 1.1 of
>    [RFC9115], including Short-Term, Automatically Renewed (STAR),
>    as applied to X.509 certificates.
> -->
> 
> Yes, I approve of the new wording as above. 
> 
> 3) <!--[rfced] How may this sentence be rephrased for clarity? In particular,
> "allows to specify" is not clear. Also, Section 2.3.1.3 of RFC 9115
> indicates that the CNAME mapping is optional; should this sentence be
> updated to reflect that?
> 
> Original:
>       |   Note: The delegation object defined in Section 2.3.1.3 of
>       |  [RFC9115] only allows to specify DNS mappings using CNAME RRs.
> 
> Perhaps:
>       |   Note: The delegation object defined in Section 2.3.1.3 of
>       |  [RFC9115] only allows DNS mappings to be specified using CNAME RRs.
> 
> Yes, I approve the above wording as suggested
>  
> Or:
>       |   Note: The delegation object defined in Section 2.3.1.3 of
>       |  [RFC9115] allows DNS mappings to be specified using only CNAME RRs.
> -->
> 
> 
> 4) <!--[rfced] FYI, for readability and precision, we have made the following
> updates: split this into two sentences, changed "criticality around"
> to "criticality of", and changed "which" to "this account".
> Please review and let us know if you prefer otherwise.
> 
> Original:
>    The reader is expected to understand the ACME delegation trust model
>    (Section 7.1 of [RFC9115]) and security goal (Section 7.2 of
>    [RFC9115]), in particular the criticality around the protection of
>    the user account associated with the delegation, which authorizes all
>    the security relevant operations between dCDN and uCDN over the ACME
>    channel.
> 
> Current:
>    The reader is expected to understand the ACME delegation trust model
>    (Section 7.1 of [RFC9115]) and security goal (Section 7.2 of
>    [RFC9115]).  In particular, the reader is expected to understand the
>    criticality of the protection of the user account associated with the
>    delegation; this account authorizes all the security-relevant
>    operations between a dCDN and a uCDN over the ACME channel.
>  
> Yes, I approve of the suggested text.
>  
> Thank you very much
> Best
> Sanjay
>  
> On Wed, Feb 7, 2024 at 12:17 PM Alice Russo <arusso@amsl.com> wrote:
> Authors,
>  
> Sanjay, thank you for your reply and for letting us know about Frederic's reply to the CDNI mailing list.
>  
> Please reply to the 4 questions below regarding changes to the text.
>  
> The edited document is here:
>   https://www.rfc-editor.org/authors/rfc9538.html
>   https://www.rfc-editor.org/authors/rfc9538.pdf
>   https://www.rfc-editor.org/authors/rfc9538.txt
>   https://www.rfc-editor.org/authors/rfc9538.xml (source)
> 
> Diff files of all changes from the approved Internet-Draft:
>   https://www.rfc-editor.org/authors/rfc9538-diff.html 
>   https://www.rfc-editor.org/authors/rfc9538-rfcdiff.html (side by side)
> 
> This page shows the AUTH48 status of your document:
>   https://www.rfc-editor.org/auth48/rfc9538
>  
> In addition to the authors' responses to the questions, we hope to hear from Emile Stephan, as an approval is needed from each author listed in the first-page header of the RFC.
>  
> Thank you.
> RFC Editor/ar

v2.23.0 | Report a Bug | By Email