Re: [Extra] Roman Danyliw's No Objection on draft-ietf-extra-quota-07: (with COMMENT)

Alexey Melnikov <alexey.melnikov@isode.com> Thu, 21 October 2021 12:13 UTC

To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
Cc: extra@ietf.org, brong@fastmailteam.com, extra-chairs@ietf.org, draft-ietf-extra-quota@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/KZCzA6zqdrDT7u39whCQh3UuDhw>

Hi Roman,

Thank you for your comments.

On 18/10/2021 17:55, Roman Danyliw via Datatracker wrote:
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> ** Section 8.  Should the prohibition on revealing quota information be a bit
> stronger?
>
> OLD
>     In particular, no quota information should be disclosed to anonymous
>     users.
>
> NEW
> In particular, quota information SHOULD be disclosed only to authenticated and
> authorized users

All QUOTA commands are only available once the user is authenticated. 
However, this gets a bit complicated, because "anonymous" users are 
classed as authenticated in the SASL framework (when the SASL ANONYMOUS 
authentication mechanism is used).

What I am trying to say is that the current text is actually more strict 
than some interpretations of your text.

In regards to "and authorized". Historically there is no per-user 
control in server implementations about who can see quota information. I 
am a bit doubtful that server implementations would implement such 
control unless there are clearly provided benefits.

> ** Section 8.  Should it be noted that computing remaining resources might
> incur a load on the server.  Implementers might want to rate limit or return
> less precise computations when under higher load?

I see your point. I am more inclined to recommend caching this 
information. I've added some text on this.

> ** Typos
> Section 3.2.  Typo. s/arbitary/arbitrary/
>
> Section 3.2.  Typo. s/dependant/dependant/

Thanks, I already fixed these.
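
Added example, not part of the original message or of draft-ietf-extra-quota: a sketch of the two points discussed above, showing how an "authenticated only" check lets a SASL ANONYMOUS session through while a "not anonymous" check does not, and how cached usage keeps repeated quota queries from recomputing. The Session record, function names, refusal text and TTL cache are all hypothetical.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class Session:
    # Hypothetical session record; sasl_mechanism is None before authentication.
    user: str
    sasl_mechanism: Optional[str] = None


def authenticated_only(s: Session) -> bool:
    # "Authenticated users" reading: SASL ANONYMOUS passes this check.
    return s.sasl_mechanism is not None


def not_anonymous(s: Session) -> bool:
    # "No quota information to anonymous users" reading.
    return s.sasl_mechanism is not None and s.sasl_mechanism.upper() != "ANONYMOUS"


class QuotaCache:
    """Caches per-quota-root STORAGE usage so repeated queries do not rescan."""

    def __init__(self, compute: Callable[[str], int], ttl: float,
                 clock: Callable[[], float] = time.monotonic):
        self._compute, self._ttl, self._clock = compute, ttl, clock
        self._entries: Dict[str, Tuple[float, int]] = {}

    def usage(self, root: str) -> int:
        now = self._clock()
        hit = self._entries.get(root)
        if hit is not None and now - hit[0] < self._ttl:
            return hit[1]
        value = self._compute(root)  # stands in for the expensive computation
        self._entries[root] = (now, value)
        return value


def getquota(s: Session, root: str, limit: int, cache: QuotaCache,
             policy: Callable[[Session], bool] = not_anonymous) -> str:
    # The policy check runs before the cache lookup, so a refused session
    # cannot trigger a usage computation either.
    if not policy(s):
        return "NO quota information not available"  # hypothetical refusal text
    return f'* QUOTA "{root}" (STORAGE {cache.usage(root)} {limit})'
```
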