Re: [DNSOP] Passive DNS - Common Output Format (draft-dulaunoy-kaplan-passive-dns-cof-01)

"L. Aaron Kaplan" <kaplan@cert.at> Thu, 27 February 2014 17:15 UTC

Return-Path: <kaplan@cert.at>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36A741A0415 for <dnsop@ietfa.amsl.com>; Thu, 27 Feb 2014 09:15:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.679
X-Spam-Level:
X-Spam-Status: No, score=-0.679 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_AT=0.424, HOST_EQ_AT=0.745, J_CHICKENPOX_32=0.6, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 539lx5O3EezF for <dnsop@ietfa.amsl.com>; Thu, 27 Feb 2014 09:15:46 -0800 (PST)
Received: from nuwen.cert.at (nuwen.cert.at [IPv6:2a02:850:5:64::2]) by ietfa.amsl.com (Postfix) with ESMTP id 002001A03AB for <dnsop@ietf.org>; Thu, 27 Feb 2014 09:15:45 -0800 (PST)
Received: from cleophus.intern.cert.at (cleophus.intern.cert.at [172.21.47.118]) by nuwen.cert.at (Postfix) with ESMTP id 6CF2324124; Thu, 27 Feb 2014 18:15:34 +0100 (CET)
Received: from [172.21.48.118] (unknown [172.21.48.118]) by cleophus.intern.cert.at (Postfix) with ESMTPS id 3D1D6341764; Thu, 27 Feb 2014 18:15:37 +0100 (CET)
Content-Type: multipart/signed; boundary="Apple-Mail=_C044B48B-B819-4D50-83D6-071FAD8EF4DD"; protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: "L. Aaron Kaplan" <kaplan@cert.at>
In-Reply-To: <alpine.LSU.2.00.1402271701230.18502@hermes-1.csi.cam.ac.uk>
Date: Thu, 27 Feb 2014 18:15:29 +0100
Message-Id: <22BA26A2-4423-486C-9886-46F6CAFB43A3@cert.at>
References: <52D298FB.3080100@redbarn.org> <52D6E0AB.807@redbarn.org> <alpine.LSU.2.00.1401161404280.13642@hermes-2.csi.cam.ac.uk> <80FDE505-1ADC-4451-8A74-51CFFE681A1C@cert.at> <alpine.LSU.2.00.1402271701230.18502@hermes-1.csi.cam.ac.uk>
To: Tony Finch <dot@dotat.at>
X-Mailer: Apple Mail (2.1510)
X-CERTat-MailScanner-ID: 6CF2324124.A8CC5
X-CERTat-MailScanner: Found to be clean
X-CERTat-MailScanner-SpamCheck: not spam, SpamAssassin (not cached, score=-2.9, required 5, autolearn=not spam, ALL_TRUSTED -1.00, BAYES_00 -1.90)
X-CERTat-MailScanner-From: kaplan@cert.at
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/JclbACNq8aVLPtTYKcOgh2kLTZo
X-Mailman-Approved-At: Thu, 27 Feb 2014 09:19:15 -0800
Cc: Dulaunoy Alexandre <Alexandre.Dulaunoy@circl.lu>, dnsop@ietf.org
Subject: Re: [DNSOP] Passive DNS - Common Output Format (draft-dulaunoy-kaplan-passive-dns-cof-01)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Feb 2014 17:15:48 -0000

On Feb 27, 2014, at 6:04 PM, Tony Finch <dot@dotat.at>; wrote:

> L. Aaron Kaplan <kaplan@cert.at>; wrote:
> 
>> I agree. You probably meant
>> 
>>   ws              = *(
>>                       %x20 |              ; Space
>>                       %x09                ; Horizontal tab
>>                      )
> 
> Er yes, typo :-)
> 
>>> How are sensor_id octet strings encoded as JSON strings?
>> 
>> Correct.
> 
> I need a bit more clarification than that :-)
All right then :)

> Section 3.5.1 of the -01
> version of your draft says that a sensor_id is an opaque octet string,
> which cannot safely be encoded as a JSON string because JSON strings have
> to be valid UTF-8.
> 
Okay, quite a nice catch. I would not have noticed that.

Since I am the only user of the sensor_id field right now, I'd say we remove the 
text:
  "The sensor_id is an opaque byte string as defined by RFC 5001 in
   section 2.3 [RFC5001].  The sensor_id MUST be escaped as defined in
   section 2.6 of RFC4627 [RFC4627]."
and just leave:
  "This field returns the sensor information where the record was seen. 
   This field is represented as a JSON [RFC4627] string."


Would that be OK for you?


> Tony.
> -- 
> f.anthony.n.finch  <dot@dotat.at>;  http://dotat.at/
> Plymouth, Biscay, FitzRoy: West, veering northwest, 7 to severe gale 9,
> perhaps storm 10 later. Very rough or high, occasionally very high. Rain or
> showers. Moderate, occasionally poor.

--- 
// L. Aaron Kaplan <kaplan@cert.at>; - T: +43 1 5056416 78
// CERT Austria - http://www.cert.at/
// Eine Initiative der nic.at GmbH - http://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg