Re: [Cbor] Secdir telechat review of draft-ietf-cbor-sequence-01
Stephen Kent <stkent@verizon.net> Wed, 25 September 2019 14:12 UTC
To: Carsten Bormann <cabo@tzi.org>, Stephen Kent <kent@alum.mit.edu>
Cc: secdir@ietf.org, draft-ietf-cbor-sequence.all@ietf.org, ietf@ietf.org,
cbor@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/6md26Q1h0NgjtzyIBqhJ1WRFr7U>

Carsten,

> Hi Stephen,
>
> thank you for this review.
>
> On Sep 6, 2019, at 19:55, Stephen Kent via Datatracker <noreply@ietf.org> wrote:
>> The second paragraph of the Security Considerations section reminds the
>> reader that decoders (parsers) ought to be designed with the understanding that
>> inputs are untrusted -- good advice. I'd be happier if the final sentence
>> changed "must" to "MUST" to reinforce this admonition.
> Here I have a question: It seemed to me that we generally try to avoid putting BCP14 keywords into security considerations sections -- after all, the interoperability requirements should be handled in the actual protocol definition, not in the security considerations after the fact.

I am not aware of the convention you mention re BCP 14 keywords in the Security Considerations section. I'm pretty confident that I have seen the use of such keywords in other SC sections in the past.

> This MUST would be an implementation requirement. Is this something we want to do in a security considerations section? RFC 3552 appears to be silent about this.

I don't think 3552 makes a statement on this topic either way.

Steve