Re: [core] [CoRE] Working Group Last Call (WGLC) of draft-ietf-core-target-attr-01

Esko Dijk <esko.dijk@iotconsultancy.nl> Mon, 20 February 2023 12:52 UTC

Return-Path: <esko.dijk@iotconsultancy.nl>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 694DAC14F727 for <core@ietfa.amsl.com>; Mon, 20 Feb 2023 04:52:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=iotconsultancy.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fUx5Laq4cZLt for <core@ietfa.amsl.com>; Mon, 20 Feb 2023 04:52:05 -0800 (PST)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-db3eur04on0700.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0c::700]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B579C14CEE5 for <core@ietf.org>; Mon, 20 Feb 2023 04:52:00 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=S46LhLhn5AIvEGaLZeDNko5KGb/BrHSfo/zDvlP5SRoTHK1OTPUwrLum3IhQc3Iv8HG5hbPu9fpStP4d1gdZiRKIqyV3gZ3cRqJNqxTrZue9N9aQhvU6lEx635o+BcBRu3ewZhyymTyrLK9ouA0ksK3qMkIjaib3qijkAefUtYFTFX8AYzFxUooc9Pyu1kCdtj/6Cs1zyBjYNzpVe78wQycolsCdlG5AsL/R7Q9ir55V+4JoaPjD/HYBGmi2CVFMagRdVZVWpbQYd+Kk1xyimkFUkuKkO1+JqaHwuoWTR2QV0wBVHXm8FOBkVMoexepuOnGFUP433/oCwsOC9FmSRw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=s+fkwmj5gGileqt8J8ULtfq40DnrgiTXhVHgFHX7DyI=; b=QMyfymsJHW+wfbjhrTwo/jCnkHuYGlbe/qdGiPVYghi5+jGpSsasoDmC6icqkL6o5cqHDYCiy8v1U7z5poci3xYy1mf/PIo9L00Vs+ZXJ4U3ZGJiB3yXW1cIsLXEMONSV8gMKEoPQ8Qy7oExY/NjmsiralpH0RINO26p4JUCBTm6+93w3WQF+ignsWJGPfAyOnKSrug6Zt9gnWFyRauhk5g7chdqNPkw3weBq2RXzf34tN7Hhd2t4rZXwPnEqnp+mqBYjva83vHgZZwiAndTvMl3qeOYIBZevYkuiNvuW4h03A+fhN/HlhNdgK3sTmCwRPTX1DG082bnUEp5sxvTww==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=iotconsultancy.nl; dmarc=pass action=none header.from=iotconsultancy.nl; dkim=pass header.d=iotconsultancy.nl; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iotconsultancy.nl; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=s+fkwmj5gGileqt8J8ULtfq40DnrgiTXhVHgFHX7DyI=; b=e/SI3i5nkQyw/k/3hf1tRhpmJ/0IOEPn1N7zuNyYXR4raWalxu8YcjzbYM5a3nWxAhQfYzvzwu7vHLf/TQbTv3tb7nJEqyescVYP4ZkUeLirAVpsWuiW/P2MOpJsQ/t6YcAEnQJisnVGkVouptUJ7lB7rLhTKnVOp31xZI89lmE=
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM (2603:10a6:10:3b9::20) by PR3P190MB0921.EURP190.PROD.OUTLOOK.COM (2603:10a6:102:8b::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6111.20; Mon, 20 Feb 2023 12:51:56 +0000
Received: from DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::491a:6a13:eba4:e991]) by DU0P190MB1978.EURP190.PROD.OUTLOOK.COM ([fe80::491a:6a13:eba4:e991%8]) with mapi id 15.20.6111.019; Mon, 20 Feb 2023 12:51:56 +0000
From: Esko Dijk <esko.dijk@iotconsultancy.nl>
To: Carsten Bormann <cabo@tzi.org>
CC: Thomas Fossati <Thomas.Fossati@arm.com>, Marco Tiloca <marco.tiloca=40ri.se@dmarc.ietf.org>, "core@ietf.org" <core@ietf.org>
Thread-Topic: [core] [CoRE] Working Group Last Call (WGLC) of draft-ietf-core-target-attr-01
Thread-Index: AQHZQGaXg25hgFDuWkWijIhRJYBR6a7OZ+uAgAkscwCAADseAIAAAgBg
Date: Mon, 20 Feb 2023 12:51:55 +0000
Message-ID: <DU0P190MB19787F1D25315653BBBF3463FDA49@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
References: <a1d15c56-c447-ac5a-6c6c-40a1780f748c@ri.se> <DB9PR08MB65241EE57923384B5B5B646C9CA29@DB9PR08MB6524.eurprd08.prod.outlook.com> <DU0P190MB1978C4F3E4D2F3EECA6BBEEBFDA49@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM> <E850AD05-0672-41E0-90F3-69E81A66001B@tzi.org>
In-Reply-To: <E850AD05-0672-41E0-90F3-69E81A66001B@tzi.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=iotconsultancy.nl;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DU0P190MB1978:EE_|PR3P190MB0921:EE_
x-ms-office365-filtering-correlation-id: 51c6150b-c93f-4f51-4ea2-08db13413f56
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: k3oQu7mMDaGrQMa75TbKKQg62bP4cF34eJnKazIthfG6zHErwuQF83dNQ3DXcw/w/ApZpb+p6lcil/y3lGBNdteLNZRPx54P4l+EFSfntoYQ6r8kvos85W9wGMKZ6q6Afe883NxidjJdSqxJyQZt60H6yPNxb5dz6psng5QoQocRcYuAQHdmjww119BGZOiSOHNTBLdeP7urypZ1EHZIWm1lErmzccj+cPVS8725sEtjAaiKl11+YK3Tq9N9U0NHctNqPnwFWEezV9v0M9XiKxxFn9pKm2/UfJxt36XAGmxhqZlAGw/3Pq00QMUTWP8WKbZT3H5snoPEu/xN+gQq6opl/KU3p+sfVGQDioDC/4VhW453D3Salz49YlLngzH6ftgzmZkydL+w44tAbASCSYXl4TinUAzM52G/X2WKcSOsFim7nqiNzHXRK5jjgoqxcBNH4SBmoNXY/eUUn5WZu4Cx1Tm3RZW6HLtWzLq61Yu04lWoxdnAIHnmHlxkbmCH+9BH+w4nc03UrSxcyLP+xOFAVz1gvC97oNSWfP2KBBFf7nWdMuwo2uxYqgkU0XbHrkQbCUMV9mUHR4RCIHMn1g7PskOIK5zXqjGSXZox6hMNJXGOnBcPal15C8nyqxBF4+N9MuX/vCssu+EBMfv7K8bXYPh19gTBCQ9Zw7UYTcjOE0JZ2wAzJGadq6vs+mTC
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DU0P190MB1978.EURP190.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230025)(39830400003)(366004)(376002)(396003)(136003)(346002)(451199018)(186003)(26005)(122000001)(2906002)(41300700001)(53546011)(9686003)(6506007)(44832011)(38070700005)(38100700002)(5660300002)(8936002)(52536014)(33656002)(966005)(316002)(86362001)(8676002)(66446008)(76116006)(66556008)(66476007)(66946007)(4326008)(6916009)(7696005)(478600001)(64756008)(71200400001)(83380400001)(55016003)(54906003); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: KdjNfli83uhcOKp532vpHsQLTiO9a1xNVyuclU8byxAhzfxw4tyqPvn4EghSE3r/U1BNBbrWXFX/oBvk0QEO7iMqUFDF7oxiHY6OXF1lwLBipn7XgI3/fL2lJ4g2J1gr1ksXe/oJIKGxgAjE/znyzHxFCK/eYra6QMD3yNp/9NbOCKXBTnLnJjcXssn/cPDg3AzUUuCTbDW+75lWK0W1JZ2tXhxh4ZorlxNOvkIaoiBHngIt8u1uHNU7cOzeWbYF5T8kzjRqHmAf6ypBz1WhfJyAUcwPsjRTJ2waBGD5VwwXpYOBpJxRRb0+ZFGUE1bEhySnwR4frZOdckXrWJy6qfGpNCvEk7836YvY/PdFZ6CAPD4vi+Qj6cRpy93tOEz72j2+5obJYZ06l188m2vpDdd6S8pQaie43DC3ZGYLTyWGKoXEbF8nw6Svv5ZgWsXK9QvajOG1ogGDyMmCXAX0QbB5WFyuiKr2+khHAV7qmOt4f87AEPX9GpiydlylX57wZLzaTVYucIUluNx3d3VA0pAcGpPT+FvyQDEz88KmMjnLuPXNnsFQSEgIw3yXypzrpJsyWkATcEnjcW/skyK9OOKbInX4StUEETnL5UxN3tUuHtUacLm7MkRvAKDXN8QjrYe/2XCRGv+9K/5KAAXOHLr0yju15DRXM4zOBLU7qoEp61rF05EmX5lZM+7mApOHS+GVUWxH7zodiaAJ9xsoobNiFdRtIWH864mJzg/QdH9oaM63a/jtgkwNaaSRZ14NiTXPvUBBY5gPo2N5K9mW9IdKeMhA3/gEq8OQIH0iudgjHVlGsy5cTiUIw3fJSzVFr8+NNIiLy8pI7/7+ITgzWcRU0LagrC47mXlSHtOr8TZ4BbUv73yYLxhZRNIfBSKAVOUaJtMGFOf3VS3+pzrl3LHT441kEdtR/pmAl70KfnTwkmVJsSAlBU5l6pPTMrI13Y8+I284Jj6CGxzpykqmlNnLblqat2mGMEtY39riLdmVcJaDMrpG0OaP9UxOzGNmtO7PctpkdpT/KzjECFPWdZveAp7d3ejK8gLRB213HNm2sFBdXXajqPwhk+RenfozITnESHBZ7PF8HIVBtCh3puKIEiPOZv6sNKH/ESKlrPaT5EQe93iHgu6MqvklCJA1EAAaPgLV6PaMAQOF5m11xnpzBDjcMGLyTN8W4QWfeXgwlJu5LvnBBrAeo7Y/Dtg3MX1OPm6zxIfifIpTs9Z+V5FoFMSnXnvKtFxj+hyOdiZNwTGmSo/MTjTsLnVBRxA/gBBPfMf1D5OkzzEeDZ5TRgdyI5N5yqoZfsujGLvoq79b4YZnnouWNbPo4Wx90N/Di/6cGtLgqTLAoc3jSJpqZNepCX2FV3pIK75D+6YKR453nqkYU6PldYUYxVw2T9nUKscC1oJ1GJfWG+7FSVPd5KPHdsshCt9SXRw/5UnR/tIo4aZIvsrx07uLw4+DGIFpDlP/cH0q76vVOqUF0Sao6FnajBQIx8Sk4zWKlSH0KnV58y9oNR9UiWY2IrLcoefLolFHozjSfYytRP5isPzN2UMmQiod3aB2s46fnbwnKYTxcG7h7hxcCLL+fGTuixR0D3TX44mpqUps4WtkAmk5Og==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: iotconsultancy.nl
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DU0P190MB1978.EURP190.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 51c6150b-c93f-4f51-4ea2-08db13413f56
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Feb 2023 12:51:55.9011 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 58bbf628-15d2-46bc-820b-863b6774d44b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: L7CwaPK1DfV1ebkY3nmjgEs+OVZGyVvxo4VareJs/bBMihlWa0IttVz19vqizIeKwsLhC40e5QJfDVdwC+B+DM3BvkxeXsiajwqUWflrXoU=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3P190MB0921
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/-2Tk5ThY6yj8MrCWRo_JVwP_8MA>
Subject: Re: [core] [CoRE] Working Group Last Call (WGLC) of draft-ietf-core-target-attr-01
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Feb 2023 12:52:10 -0000

Thanks, I do think the expert could send an email to the core-parameters list in case of any doubt/issues/questions. This could be security-related, or it could be a concern of required orchestration: if different names with similar / same intent being registered.
If no response on core-parameters within some time (7 days?) then the expert can opt to just continue.

In the end, the expert makes the decision and not the email list collectively. And for most cases the mailing list wouldn't be needed.

> I don’t think we will be earning ourselves eternal glory for the way this has worked out so far.

No reason to avoid mailing lists altogether ;)  
The issue seems to be if the registration request is sent to a mailing list. If rather it is requested to IANA as suggested by this draft, then IANA delegates it to one specific expert, it should be much faster. IANA can reassign the expert in case the first one doesn't respond.

Regards
Esko

-----Original Message-----
From: Carsten Bormann <cabo@tzi.org> 
Sent: Monday, February 20, 2023 13:38
To: Esko Dijk <esko.dijk@iotconsultancy.nl>
Cc: Thomas Fossati <Thomas.Fossati@arm.com>; Marco Tiloca <marco.tiloca=40ri.se@dmarc.ietf.org>; core@ietf.org
Subject: Re: [core] [CoRE] Working Group Last Call (WGLC) of draft-ietf-core-target-attr-01

On 2023-02-20, at 10:25, Esko Dijk <esko.dijk@iotconsultancy.nl> wrote:
> 
> Hi all,
>  
> I also reviewed and the document looks almost complete.
>  
> Two suggested fixes:
>  
> Section 5 of [RFC8075]
> -->  Section 5.5 of [RFC8075]

Good idea!
Now part of https://github.com/core-wg/core-target-attr/pull/9
 
> “-- Carsten”
> -->  this was probably meant to be removed ;)

Well, this is an editor’s note, so the entire will be removed by the RFC editor.
Putting a name here probably alerts a bit more to the fact that this is an editor’s note (<cref in RFCXML parlance).

> And one question on “security considerations”: should the designated expert perform any security-related review task? If yes, we should describe it. If not, we may clarify that’s up to the requester to consider.
> As an extreme example if someone wants to register an attribute “password” that stores a plain-text password for access to certain resources.  It may be ok if the link format is accessed over (D)TLS.
> If the targeted use is in plain unsecured discovery, it may not be a good idea. Should the expert consider this and maybe other security aspects?

Practical question: Where would this review go?
There may be other quality-of-specification issues.
I think it would be great if the expert gave the registrant some feedback on this, but there is no formal place(*) where this should be archived and no authority for the expert to decide the registration proposal is too shabby to register.

Grüße, Carsten

(*) Which brings up the question whether we should have a policy to discuss on the core-parameters list, like Section 7 of RFC 6690:

   Registration requests should be sent to the core-parameters@ietf.org
   mailing list, marked clearly in the subject line (e.g., "NEW RESOURCE
   TYPE - example" to register an "example" relation type or "NEW
   INTERFACE DESCRIPTION - example" to register an "example" Interface
   Description).

   Within at most 14 days of the request, the Designated Expert(s) will
   either approve or deny the registration request, communicating this
   decision to the review list and IANA.  Denials should include an
   explanation and, if applicable, suggestions as to how to make the
   request successful.

   Decisions (or lack thereof) made by the Designated Expert can be
   first appealed to Application Area Directors (contactable using the
   app-ads@tools.ietf.org email address or directly by looking up their
   email addresses on http://www.iesg.org/ website) and, if the
   appellant is not satisfied with the response, to the full IESG (using
   the iesg@ietf.org mailing list).

I don’t think we will be earning ourselves eternal glory for the way this has worked out so far.
But I did want to bring it up as a possibility.