[Gen-art] Gen-ART Last Call review of draft-hodges-webauthn-registries-05

Paul Kyzivat <pkyzivat@alum.mit.edu> Mon, 13 April 2020 18:19 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 511223A1B0E; Mon, 13 Apr 2020 11:19:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.99
X-Spam-Level:
X-Spam-Status: No, score=-1.99 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=alum.mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JzzbqcG79rRC; Mon, 13 Apr 2020 11:19:11 -0700 (PDT)
Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2045.outbound.protection.outlook.com [40.107.94.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 587843A1B0B; Mon, 13 Apr 2020 11:19:07 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=j0P/ahmwhSx1RLBgZGhFjxnsH2N9IBV+CsIsjZ4hke/J4JRTq6/Q22VWoFE3F43hYB3XIjRbEUEdCCvFbdB+O25RzPGuWHBRSIciv+A1Dz+3BOFWezNtkSFtLK/n0Cj0kjkbenlz+W2ucDfBR7mIc81DfwQbJNE7YmTWezpgkJ7QnL0gCTljQGCrXBvgoX1jywXCMHcsQg8dloBQhPoV+mL+nS0vAwARQdUZe93AebQ97D9iBWLwYo2U6frUw7V4Tc0TwIHUOgua2pK1waOrMI4YFHBiXM1i6VsLU7EWRYP/NdFx9Ml2pYw9NhjHxwd3u3LEuAS7YUgb0IR0bv4sqg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WMXEqWJTY10AxJO9QcrU7YlPS9YVKxUte4kHSbUmzg0=; b=fHne7f2U1KIISpHNLGILIciKgyyFg2/IsS6XpFU6BMHydlj7LcvJFB26fsjwBNJGU5bPsxB60GPkmwrx0sOjqU1A2Y2tIUdFNDkqqJzMw3YF/hxOmzLpW7nvpZiMA4Vvyx52Yqq0uTYwXBM4zuGy7h8GMw1IuKOpdA+kvxzqKru1EoCpf4p4C36jjm6BE0lDtXxCrmhOAR51J6TtszMULA9iycGH+Krp/lEJpIxGm8uPdrs1dQmLZHBQsmMISf29p3dR7T90x/JDbQCuh19iVI7UIe8XZqyxbGlTOio1IznqpAGv3COcRMP2K/of6D3d02nZHHzF7NMjCVZ8T+VlBw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 18.7.68.33) smtp.rcpttodomain=ietf.org smtp.mailfrom=alum.mit.edu; dmarc=bestguesspass action=none header.from=alum.mit.edu; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alum.mit.edu; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=WMXEqWJTY10AxJO9QcrU7YlPS9YVKxUte4kHSbUmzg0=; b=H+nTuNSsevmK0XUL0ER8cdoEI7PIoo70dM10eEO6+u63sG+Dc2jSnqs/NAbiLFlFa0IqxY5YMl93ILcS/6VRA50NCARZ6+y5KHxxehUaoCuWUuBQoUAeTbEu0fhaBXOYw9aRqJhn3tqK6D0ww59ZwzB94bs6RZaqfa+fjqIKkKQ=
Received: from CY4PR22CA0078.namprd22.prod.outlook.com (2603:10b6:903:ad::16) by CY4PR12MB1511.namprd12.prod.outlook.com (2603:10b6:910:4::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.26; Mon, 13 Apr 2020 18:19:06 +0000
Received: from CY1NAM02FT023.eop-nam02.prod.protection.outlook.com (2603:10b6:903:ad:cafe::bf) by CY4PR22CA0078.outlook.office365.com (2603:10b6:903:ad::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.15 via Frontend Transport; Mon, 13 Apr 2020 18:19:06 +0000
Authentication-Results: spf=pass (sender IP is 18.7.68.33) smtp.mailfrom=alum.mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=alum.mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of alum.mit.edu designates 18.7.68.33 as permitted sender) receiver=protection.outlook.com; client-ip=18.7.68.33; helo=outgoing-alum.mit.edu;
Received: from outgoing-alum.mit.edu (18.7.68.33) by CY1NAM02FT023.mail.protection.outlook.com (10.152.74.237) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2900.15 via Frontend Transport; Mon, 13 Apr 2020 18:19:06 +0000
Received: from Kokiri.localdomain (c-24-62-227-142.hsd1.ma.comcast.net [24.62.227.142]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.14.7/8.12.4) with ESMTP id 03DIJ4cu016547 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 13 Apr 2020 14:19:04 -0400
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
To: draft-hodges-webauthn-registries.all@ietf.org
Cc: General Area Review Team <gen-art@ietf.org>
Message-ID: <b3afc71e-8a7f-ed0e-a3e6-b68bfb312d47@alum.mit.edu>
Date: Mon, 13 Apr 2020 14:19:03 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Thunderbird/68.7.0
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.7.68.33; CTRY:US; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:outgoing-alum.mit.edu; PTR:outgoing-alum.mit.edu; CAT:NONE; SFTY:; SFS:(10009020)(136003)(396003)(376002)(346002)(39860400002)(46966005)(786003)(186003)(316002)(75432002)(7596003)(336012)(246002)(36906005)(8936002)(4326008)(70206006)(70586007)(26005)(86362001)(450100002)(26826003)(31696002)(478600001)(356005)(47076004)(8676002)(2616005)(2906002)(956004)(6916009)(82740400003)(5660300002)(31686004); DIR:OUT; SFP:1101;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 40ec7b4c-35aa-4ede-32f5-08d7dfd726ff
X-MS-TrafficTypeDiagnostic: CY4PR12MB1511:
X-Microsoft-Antispam-PRVS: <CY4PR12MB151170727F5DF3A79C23A8FEF9DD0@CY4PR12MB1511.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;
X-Forefront-PRVS: 037291602B
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: l2ntfK3vc9N70AasKwlPF7L0zZ6jriRmJG39CijFV38Lf/yUgEXUs8ueAEX2LrPW4PSndcxNBSDfU/iVJWglUxIL3eRhMep0HkuJk5/rexwYRcr9lJ/r7slsX9JT89Tso6YCGQ6WPzgbq22hrXz9lfMkaYfnsJ7xgU9mMHCmv48LfB+9G8eX7A2Tcb/7aUpDdklx0FSy+MpxwmW4b7NotrwYCO1UxZPG8vMQ0euM+KtwrjARO5YhVOiZki7GkTaIklLmQeqT8D2R5gb/K92KIBbZ3FFM5IKMP9cOFXk3kBnf6xIWNrvkKYwUjM4r4SFliCDsDh/ms9vOoXhtfg1FWjrDJUB763SQwXokQGTYrwzF/771grdJZ/a4NK4ZKIW1NjxtCLLUY+gvn8Ufrc5sVYx3t0nSqlOpes0nDsPokIzKXG7pM05/cGV0x0vROwlLVZoKpkXG5fvoWXYcE4dSlZNoFUvwegO3NHFGAI/yiDucewEyfCIDNQLQHLzyij6dzNxPKwCbBLCmY8B5xw5BVEa+1gtz9Y4DQyCedA66cGfxugJ4Gc/vJEBsPLO5QT9CUbQW/GAr3Jzk52Sk+MG+Vg==
X-OriginatorOrg: alum.mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Apr 2020 18:19:06.0046 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 40ec7b4c-35aa-4ede-32f5-08d7dfd726ff
X-MS-Exchange-CrossTenant-Id: 3326b102-c043-408b-a990-b89e477d582f
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3326b102-c043-408b-a990-b89e477d582f; Ip=[18.7.68.33]; Helo=[outgoing-alum.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR12MB1511
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/9QVeshWi27KQEVEjoKPYaPBkOSU>
Subject: [Gen-art] Gen-ART Last Call review of draft-hodges-webauthn-registries-05
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Apr 2020 18:19:17 -0000

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-hodges-webauthn-registries-05
Reviewer: Paul Kyzivat
Review Date: 2020-04-13
IETF LC End Date: 2020-04-29
IESG Telechat date: ?

Summary:

This draft is on the right track but has open issues, described in the 
review.

Issue: Additional registry fields defined by experts

Section 2 specifies that experts are allowed to define additional fields 
to be collected in the registry. It isn't clear to me how this is 
intended to work, or could work. Some concerns that come to mind are:

* Is this on a per-registration basis? Once a new field has been 
requested, must that field be retroactively added to all preexisting 
registrations and all future entries in the registry?

* How will someone who is consulting the registry discover the meaning 
of the new fields?

* Does IANA have procedures to handle this sort of modification to the 
registries?

ISTM that the "Notes" field can already be used for extra 
format-specific data. Adding additional fields that apply to all entries 
would be better served by a formal revision to the registry.

If you really want to preserve this ability for experts to add fields 
then you need to specify in great detail how this is to work, and verify 
with IANA that it is feasible.

Otherwise the document seems ready to go.