Re: [core] [CoRE] Working Group Last Call (WGLC) of draft-ietf-core-target-attr-01
Carsten Bormann <cabo@tzi.org> Mon, 20 February 2023 12:37 UTC
Return-Path: <cabo@tzi.org>
X-Original-To: core@ietfa.amsl.com
Delivered-To: core@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDEE7C14CEFC for <core@ietfa.amsl.com>; Mon, 20 Feb 2023 04:37:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c5KaEumEruh8 for <core@ietfa.amsl.com>; Mon, 20 Feb 2023 04:37:54 -0800 (PST)
Received: from smtp.zfn.uni-bremen.de (gabriel-smtp.zfn.uni-bremen.de [IPv6:2001:638:708:32::15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7AEDC14F727 for <core@ietf.org>; Mon, 20 Feb 2023 04:37:53 -0800 (PST)
Received: from [192.168.217.124] (p548dc9a4.dip0.t-ipconnect.de [84.141.201.164]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4PL24v0vHXzDCc2; Mon, 20 Feb 2023 13:37:51 +0100 (CET)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <DU0P190MB1978C4F3E4D2F3EECA6BBEEBFDA49@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
Date: Mon, 20 Feb 2023 13:37:50 +0100
Cc: Thomas Fossati <Thomas.Fossati@arm.com>, Marco Tiloca <marco.tiloca=40ri.se@dmarc.ietf.org>, "core@ietf.org" <core@ietf.org>
X-Mao-Original-Outgoing-Id: 698589470.579406-a37c2e4d0730e9d1857fe7fa9ab38b1a
Content-Transfer-Encoding: quoted-printable
Message-Id: <E850AD05-0672-41E0-90F3-69E81A66001B@tzi.org>
References: <a1d15c56-c447-ac5a-6c6c-40a1780f748c@ri.se> <DB9PR08MB65241EE57923384B5B5B646C9CA29@DB9PR08MB6524.eurprd08.prod.outlook.com> <DU0P190MB1978C4F3E4D2F3EECA6BBEEBFDA49@DU0P190MB1978.EURP190.PROD.OUTLOOK.COM>
To: Esko Dijk <esko.dijk@iotconsultancy.nl>
X-Mailer: Apple Mail (2.3608.120.23.2.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/Yyhg0gCh_D6YnmB7O_5Tl3ApZXQ>
Subject: Re: [core] [CoRE] Working Group Last Call (WGLC) of draft-ietf-core-target-attr-01
X-BeenThere: core@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Constrained RESTful Environments \(CoRE\) Working Group list" <core.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/core>, <mailto:core-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/core/>
List-Post: <mailto:core@ietf.org>
List-Help: <mailto:core-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/core>, <mailto:core-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Feb 2023 12:37:57 -0000
On 2023-02-20, at 10:25, Esko Dijk <esko.dijk@iotconsultancy.nl> wrote: > > Hi all, > > I also reviewed and the document looks almost complete. > > Two suggested fixes: > > Section 5 of [RFC8075] > --> Section 5.5 of [RFC8075] Good idea! Now part of https://github.com/core-wg/core-target-attr/pull/9 > “-- Carsten” > --> this was probably meant to be removed ;) Well, this is an editor’s note, so the entire will be removed by the RFC editor. Putting a name here probably alerts a bit more to the fact that this is an editor’s note (<cref in RFCXML parlance). > And one question on “security considerations”: should the designated expert perform any security-related review task? If yes, we should describe it. If not, we may clarify that’s up to the requester to consider. > As an extreme example if someone wants to register an attribute “password” that stores a plain-text password for access to certain resources. It may be ok if the link format is accessed over (D)TLS. > If the targeted use is in plain unsecured discovery, it may not be a good idea. Should the expert consider this and maybe other security aspects? Practical question: Where would this review go? There may be other quality-of-specification issues. I think it would be great if the expert gave the registrant some feedback on this, but there is no formal place(*) where this should be archived and no authority for the expert to decide the registration proposal is too shabby to register. Grüße, Carsten (*) Which brings up the question whether we should have a policy to discuss on the core-parameters list, like Section 7 of RFC 6690: Registration requests should be sent to the core-parameters@ietf.org mailing list, marked clearly in the subject line (e.g., "NEW RESOURCE TYPE - example" to register an "example" relation type or "NEW INTERFACE DESCRIPTION - example" to register an "example" Interface Description). Within at most 14 days of the request, the Designated Expert(s) will either approve or deny the registration request, communicating this decision to the review list and IANA. Denials should include an explanation and, if applicable, suggestions as to how to make the request successful. Decisions (or lack thereof) made by the Designated Expert can be first appealed to Application Area Directors (contactable using the app-ads@tools.ietf.org email address or directly by looking up their email addresses on http://www.iesg.org/ website) and, if the appellant is not satisfied with the response, to the full IESG (using the iesg@ietf.org mailing list). I don’t think we will be earning ourselves eternal glory for the way this has worked out so far. But I did want to bring it up as a possibility.
- [core] [CoRE] Working Group Last Call (WGLC) of d… Marco Tiloca
- Re: [core] [CoRE] Working Group Last Call (WGLC) … Thomas Fossati
- Re: [core] [CoRE] Working Group Last Call (WGLC) … Esko Dijk
- Re: [core] [CoRE] Working Group Last Call (WGLC) … Carsten Bormann
- Re: [core] [CoRE] Working Group Last Call (WGLC) … Esko Dijk
- Re: [core] [CoRE] Working Group Last Call (WGLC) … Carsten Bormann
- Re: [core] [CoRE] Working Group Last Call (WGLC) … Carsten Bormann
- Re: [core] [CoRE] Working Group Last Call (WGLC) … Thomas Fossati
- Re: [core] [CoRE] Working Group Last Call (WGLC) … Esko Dijk
- Re: [core] [CoRE] Working Group Last Call (WGLC) … Carsten Bormann
- Re: [core] [CoRE] Working Group Last Call (WGLC) … Esko Dijk
- Re: [core] [CoRE] Working Group Last Call (WGLC) … Marco Tiloca
- Re: [core] [CoRE] Working Group Last Call (WGLC) … Carsten Bormann