Re: [Gen-art] [Last-Call] Genart last call review of draft-ietf-acme-authority-token-tnauthlist-07
Lars Eggert <lars@eggert.org> Mon, 29 November 2021 11:37 UTC
Return-Path: <lars@eggert.org>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B9AA3A077E; Mon, 29 Nov 2021 03:37:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=eggert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KOif7_W33Pka; Mon, 29 Nov 2021 03:37:43 -0800 (PST)
Received: from mail.eggert.org (mail.eggert.org [91.190.195.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B62C3A07F2; Mon, 29 Nov 2021 03:37:40 -0800 (PST)
Received: from smtpclient.apple (unknown [IPv6:2a00:ac00:4000:400:c1a3:8155:80b9:705b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.eggert.org (Postfix) with ESMTPSA id B5D09601FC2; Mon, 29 Nov 2021 13:37:28 +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=eggert.org; s=dkim; t=1638185848; bh=bKFh+zjl6LfngyfY9hRbJ8QbbC/66mPlUQsXzOXHBSg=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=L6aYQCT2lxb9IJl2Z3C6o4Wg5C0vW9SjUM3X8toBZne/49IjB8dYM00Srijc9pmJN 3yH4S+WogJMDlahv1miI1jGNT6JBQTb5UWH4jI1YC7+ms9UqZjJkBGGQbSn6oStD+U hyyALvwYQqFvpnpF0t/nV2buPV4ityd/M6PAHMIE=
Content-Type: multipart/signed; boundary="Apple-Mail=_EDFFBC8F-1EAE-4DE9-97AE-C1B6CDBA5168"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.20.0.1.32\))
From: Lars Eggert <lars@eggert.org>
In-Reply-To: <161583881825.8641.7955612326367134151@ietfa.amsl.com>
Date: Mon, 29 Nov 2021 13:37:27 +0200
Cc: gen-art@ietf.org, draft-ietf-acme-authority-token-tnauthlist.all@ietf.org, last-call@ietf.org, acme@ietf.org
Message-Id: <0800E776-E6D3-4B47-9584-8A9B7CDEE232@eggert.org>
References: <161583881825.8641.7955612326367134151@ietfa.amsl.com>
To: Pete Resnick <resnick@episteme.net>
X-MailScanner-ID: B5D09601FC2.A6367
X-MailScanner: Found to be clean
X-MailScanner-From: lars@eggert.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/39F0cvlrbFYM_FuQa11FG9oA0WQ>
Subject: Re: [Gen-art] [Last-Call] Genart last call review of draft-ietf-acme-authority-token-tnauthlist-07
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Nov 2021 11:37:49 -0000
Pete, thank you for your review. I have entered a No Objection ballot for this document. Lars > On 2021-3-15, at 22:06, Pete Resnick via Datatracker <noreply@ietf.org> wrote: > > Reviewer: Pete Resnick > Review result: Ready with Nits > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please treat these comments just > like any other last call comments. > > For more information, please see the FAQ at > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > > Document: draft-ietf-acme-authority-token-tnauthlist-07 > Reviewer: Pete Resnick > Review Date: 2021-03-15 > IETF LC End Date: 2021-03-16 > IESG Telechat date: Not scheduled for a telechat > > Summary: > > Looks fine. Some of the MUSTs look weird or superfluous to me and could > probably use a scrub, and a couple are a bit confusing, but none is so bad that > I would raise them as an "issue"; call them "nits/editorial comments". > > Major issues: > > None > > Minor issues: > > None > > Nits/editorial comments: > > Section 1: It's not clear to me what the purpose of the third paragraph in the > intro is. It sounds like it's just describing section 9 of RFC 8226, but it is > not distinguishing it from or comparing it to this document. Is it really > needed? > > Section 3: > > Instead of a reference to 7.4 of RFC 8555, perhaps a reference to section 7 > generally would help, or perhaps a reference later in this section to 7.1.4. > Once I got down to the examples, I had to go look at 7.1.4 to familiarize > myself with the operation to understand what I was looking at. > > Total nit, and just a personal pet peeve: It always seems silly to me to use > MUST where the meaning of that word is "MUST do what the protocol we are hereby > defining says to do". So instead of "MUST include", it could simply be > "includes", and "MUST be" could be "is" in the two places it occurs. These > three did not cause any significant confusion, whereas the ones is section 4 > and 5.4 did cause some (see below). Either way, you should review all of them > in the document and decide what is truly needed. > > Section 4: > > Where it says, "a CA MUST use the Authority Token challenge type of "tkauth-01" > with a "tkauth-type" of "atc"", I am left to wonder what other choice the CA > might make such that you have to warn it that it MUST use these. Why is "uses" > not sufficient? > > Conversely, when you say that the "token-authority" parameter is "optional" > (did you mean OPTIONAL): Is that really true? Is it that it MUST be used "in > cases where the VoIP telephone network requires the CA to identify the Token > Authority" (in which case it's not OPTIONAL), or is that simply an operational > consideration, and protocol-wise it is truly OPTIONAL? On the other hand, the > MAY and MUST at the end of the paragraph seem more appropriately to be "can" > and "can only". And the MUST in the following paragraph seems like another of > the ones in which you could change "MUST respond" to "responds". > > Section 5: > > The last paragraph seems superfluous. > > Section 5.4: > > The MUST NOT in the third bullet actually caused me a bit of confusion: I tried > to read it as a requirement of this document. I think you mean "is not" instead > of "MUST NOT be". > > Section 5.5: > > The response to the POST request if successful MUST return a 200 OK > with a JSON body that contains, at a minimum, the TNAuthList... > > I think instead you mean: > > The response to the POST request if successful returns a 200 OK with > a JSON body that MUST contain, at a minimum, the TNAuthList... > > Then you won't need the "...however..." bit at the end of the next sentence. > > In the last paragraph, why "SHOULD" and not "MUST"? > > > > -- > last-call mailing list > last-call@ietf.org > https://www.ietf.org/mailman/listinfo/last-call
- [Gen-art] Genart last call review of draft-ietf-a… Pete Resnick via Datatracker
- Re: [Gen-art] Genart last call review of draft-ie… Chris Wendt
- Re: [Gen-art] [Last-Call] Genart last call review… Lars Eggert