Re: [Gen-art] Gen-ART Review of draft-ietf-eppext-tmch-smd-04

Jari Arkko <jari.arkko@piuha.net> Thu, 18 February 2016 08:18 UTC

Return-Path: <jari.arkko@piuha.net>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A7441B3698; Thu, 18 Feb 2016 00:18:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.006] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nkB6bmKFILw8; Thu, 18 Feb 2016 00:18:37 -0800 (PST)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130]) by ietfa.amsl.com (Postfix) with ESMTP id 337B01B353E; Thu, 18 Feb 2016 00:18:37 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id 32D6A2CCBF; Thu, 18 Feb 2016 10:18:35 +0200 (EET) (envelope-from jari.arkko@piuha.net)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AjDAefxr7F14; Thu, 18 Feb 2016 10:18:34 +0200 (EET)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2a00:1d50:2::130]) by p130.piuha.net (Postfix) with ESMTP id 36AFC2CC9A; Thu, 18 Feb 2016 10:18:34 +0200 (EET) (envelope-from jari.arkko@piuha.net)
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_959B8722-9008-45F5-9123-B306109A8F25"; protocol="application/pgp-signature"; micalg=pgp-sha512
X-Pgp-Agent: GPGMail 2.5.2
From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <2D099350-6295-4486-8919-3E347CDCF109@vigilsec.com>
Date: Thu, 18 Feb 2016 10:18:33 +0200
Message-Id: <20EB4776-9221-4732-95D0-A666E6C9903B@piuha.net>
References: <46A1A261-E9F4-414D-AAD8-9C85A8B53283@vigilsec.com> <2D099350-6295-4486-8919-3E347CDCF109@vigilsec.com>
To: Russ Housley <housley@vigilsec.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/6gbjOLauwz8gBGj92xQAIPX6YP8>
Cc: draft-ietf-eppext-tmch-smd.all@ietf.org, IETF Gen-ART <gen-art@ietf.org>, IETF <ietf@ietf.org>
Subject: Re: [Gen-art] Gen-ART Review of draft-ietf-eppext-tmch-smd-04
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Feb 2016 08:18:40 -0000

Many thanks for your reviews, Russ.

I have looked at the document as well, looked up the reference, and agree with Russ’ comment that there is something missing. I would have wanted to talk about this issue wrt this document on tonight’s IESG telechat, but Stephen Farrell has already raised this point. I am interested in the matter being resolved, however.

Also, Gustavo, did you get a chance to look at Russ’ editorial comments? Those seem worthwhile to be addressed as well.

Thanks,

Jari

On 12 Feb 2016, at 18:57, Russ Housley <housley@vigilsec.com> wrote:

> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair. Please wait for direction from your
> document shepherd or AD before posting a new version of the draft.
> 
> For more information, please see the FAQ at
> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
> 
> Document: draft-ietf-eppext-tmch-smd-04
> Reviewer: Russ Housley
> Review Date: 2016-02-12
> IETF LC End Date: 2015-12-04
> IESG Telechat date: 2016-02-18
> 
> Summary:  Not Ready
> 
> 
> Major Concerns:
> 
> 
> The Security Considerations include this paragraph:
> 
>   Signed Marks are used primarily for sunrise domain name registrations
>   in gTLDs, but other third-parties might be using them.  A party using
>   Signed Marks should verify that the digital signature is valid based
>   on local policy.  In the case of gTLDs, the RPM Requirements document
>   [ICANN-TMCH] defines such policy.
> 
> The RPM Requirements document [ICANN-TMCH] does not seem to say anything
> at all about validating a digital signature.
> 
> Protocols that make use of certificates perform some checks on the
> certificate subject name to ensure that it represents an appropriate
> signer.  That is missing from this document, and it is not contained in
> [ICANN-TMCH] either.
> 
> 
> Minor Concerns:
> 
> Section 2, second paragraph, I think that use of the phrase "in the
> appropriate objects" ass ambiguity.  I suggest:
> 
>   This section defines some elements as OPTIONAL.  If an elements is
>   not defined as OPTIONAL, then it MUST be included in the object.
> 
> The NOTE at the end of Section 2.3 about choosing an algorithm other
> that RSA-SHA256 is better suited for the Security Considerations.
> It would be helpful to say something more about the needed security
> strength.
> 
> Why is RFC5730 a normative reference?  I do not see a dependency.
> 
> 
> Other Editorial Comments:
> 
> Section 1: s/nothing precudle/nothing precludes/
> 
> _______________________________________________
> Gen-art mailing list
> Gen-art@ietf.org
> https://www.ietf.org/mailman/listinfo/gen-art