Re: [Gen-art] Telechat review of draft-ietf-oauth-pop-architecture-07
"Matt Miller (mamille2)" <mamille2@cisco.com> Thu, 17 December 2015 17:40 UTC
Return-Path: <mamille2@cisco.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 97C451A1BB0; Thu, 17 Dec 2015 09:40:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id amy5hCWkKBia; Thu, 17 Dec 2015 09:40:56 -0800 (PST)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A970B1B2FF6; Thu, 17 Dec 2015 09:40:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7062; q=dns/txt; s=iport; t=1450374052; x=1451583652; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=anshDuZii4G+tC35MgfyNzwypTquR/8Po/72kxpJYkw=; b=h8D6PCBX6UbtsFPeQ+je1rG/r4JWs+r+VcO8hp2UMm8P6K0XyuPkebuh 8xB6tx6whT9NOGmaqmw8P/ORni3U6tPfoZnA+I9z69Ay5HPaKRiYZ5zgM DUmUkmr8LzN4VrfXhzZOLH7fkuA9E3ZDTFtxWg+0uh8DHAzQNfPCi8EQG 0=;
X-Files: signature.asc : 496
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AHAwCP8nJW/5BdJa1egzpSbQatVYJLjTMOgWIhhWwCgTo4FAEBAQEBAQF/C4Q0AQEBAwF5BQsCAQgSAgQVGSEREwQOAgQOBQ6IDAMKCA65GQ2EKQEBAQEBAQEBAQEBAQEBAQEBAQERCYhlgWmBBoJTgW85H4MMgRoBBIYbDJBWAYJsgWJqgnGDJgaBcoFcSYN8gyiLeYNng3MBIAFDhARyAYN0AYEHAQEB
X-IronPort-AV: E=Sophos;i="5.20,442,1444694400"; d="asc'?scan'208";a="219162153"
Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Dec 2015 17:40:51 +0000
Received: from XCH-RCD-002.cisco.com (xch-rcd-002.cisco.com [173.37.102.12]) by rcdn-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id tBHHep3m015765 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 17 Dec 2015 17:40:51 GMT
Received: from xch-aln-002.cisco.com (173.36.7.12) by XCH-RCD-002.cisco.com (173.37.102.12) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Thu, 17 Dec 2015 11:40:50 -0600
Received: from xch-aln-002.cisco.com ([173.36.7.12]) by XCH-ALN-002.cisco.com ([173.36.7.12]) with mapi id 15.00.1104.009; Thu, 17 Dec 2015 11:40:50 -0600
From: "Matt Miller (mamille2)" <mamille2@cisco.com>
To: "phil.hunt@yahoo.com" <phil.hunt@yahoo.com>
Thread-Topic: Telechat review of draft-ietf-oauth-pop-architecture-07
Thread-Index: AQHROHKX7OgMrOJURUmdUF2gh1w8Mp7O4nMAgABNxACAAKedgA==
Date: Thu, 17 Dec 2015 17:40:50 +0000
Message-ID: <75F4B797-ACE7-4079-B188-5682C010B5FB@cisco.com>
References: <2A457E0F-1ADC-4C4A-B6C8-3B29DEF46BAF@cisco.com> <CAHbuEH6TXnXdiFsyCStAZmOFwEEvoBWbf_DdSX7a3m=CW1FJag@mail.gmail.com> <7B128318-4EBC-49FE-BECE-57A2061AF6EB@yahoo.com>
In-Reply-To: <7B128318-4EBC-49FE-BECE-57A2061AF6EB@yahoo.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-pgp-agent: GPGMail 2.6b2
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [64.101.72.31]
Content-Type: multipart/signed; boundary="Apple-Mail=_7054BD56-728F-46B7-B18E-68FC9FECDBBF"; protocol="application/pgp-signature"; micalg="pgp-sha512"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/GXBq--VM6xFyYueZLYg4LuH8U5Y>
Cc: "draft-ietf-oauth-pop-architecture.all@ietf.org" <draft-ietf-oauth-pop-architecture.all@ietf.org>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "iesg@ietf.org" <iesg@ietf.org>, "gen-art@ietf.org" <gen-art@ietf.org>
Subject: Re: [Gen-art] Telechat review of draft-ietf-oauth-pop-architecture-07
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Dec 2015 17:40:58 -0000
Thanks for the responses, Phil and Kathleen. I look forward to reviewing the next version! My apologies for not getting to it sooner, but since it was going back for some other revisions, I feel slightly less guilty for being so late (-: -- - m&m Matt Miller Cisco Systems, Inc. > On Dec 17, 2015, at 00:40, phil.hunt@yahoo.com wrote: > > Matt > > Thanks for the great review. As Kathleen mentioned, there are some other changes we have to make that will push the draft back. Never-the-less I will take into account all the reviewer comments in the next draft. > > All your comments seem very reasonable to me. > > Thanks, > > Phil > >> On Dec 17, 2015, at 04:02, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote: >> >> Hi Matt, >> >> Thank you for your review! The editors will take these comments into >> consideration and discuss any updates. I'll note that the draft was >> pulled from the telechat and will likely not go through last call >> again until sometime around Buenos Aires due to some other changes >> that came up. You may see this one again. >> >> Thanks, >> Kathleen >> >> On Wed, Dec 16, 2015 at 9:28 PM, Matt Miller (mamille2) >> <mamille2@cisco.com> wrote: >>> I am the assigned Gen-ART reviewer for this draft. The General Area >>> Review Team (Gen-ART) reviews all IETF documents being processed >>> by the IESG for the IETF Chair. Please treat these comments just >>> like any other last call comments. >>> >>> For more information, please see the FAQ at >>> >>> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. >>> >>> Document: draft-ietf-oauth-pop-architecture-07 >>> Reviewer: Matthew A. Miller >>> Review Date: 2015-12-16 >>> IETF LC End Date: 2015-12-15 >>> IESG Telechat date: 2015-12-17 >>> >>> Summary: Almost ready. >>> >>> I have several editorial nits, but also a couple of minor concerns that >>> I think would improve this document's readability. >>> >>> I note that idnits complained about the lack of RFC 2119 boilerplate; >>> however, I think the text actually used in this document is most >>> appropriate and still conveys the intent. The idnits also complained >>> about a reference to an obsolete RFC 5849; however, this reference >>> appears to be intentional and necessary. >>> >>> ----- >>> >>> Major issues: >>> >>> Nnne. >>> >>> Minor issues: >>> >>> 1. In Section 1. Introduction, the last paragraph makes it seem the >>> document isn't organized properly. It implies an order to read the >>> document that is not reflected in the outline: >>> >>> * Section 1 >>> * Section 2 >>> * Section 3 >>> * Section 4 >>> * Section 6 >>> * Section 7 >>> * Section 5 >>> >>> Simply re-ording the document I think causes bigger problems. While >>> the intro hints at the order to read, it makes more sense to me in >>> the order it actually is. Ultimately, for me the problem arises with >>> the word "concludes". It might simply be enough to change the last >>> participle from ", and concludes with a requirements list in Section 5." >>> to ", and lists requirements in Section 5." >>> >>> 2. In several places, terms of art are used that have not been defined >>> in this document: "resource server", "protected resource", etc. I >>> think it would help if Section 2. indicated where these terms are >>> defined or discussed, which is RFC 6749. >>> >>> >>> Nits/editorial comments: >>> >>> * The reference to draft-ietf-oauth-proof-of-possession-08 should be >>> updated to its latest version, although I expect RFC Editor will >>> resolve this before publication. >>> >>> * The reference to RFC 4347 should be updated to 6347; there's no clear >>> requirement for the older document. >>> >>> * In Section 3.1 Preventing Access Token Re-Use by the Resource Server, >>> "with other resource server" should be either "with another resource >>> server" or "with other resource servers". >>> >>> * In Section 3.2 TLS and DTLS Channel Binding Support, "entity entity" >>> should be "entity". >>> >>> * In section 3.4 Offering Application Layer End-to-End Security, The >>> last sentence of the last paragraph seems out of place. It seems it >>> would be better as the penultimate sentence of the previous paragraph. >>> >>> * In section 4. Security and Privacy Threats under "Token >>> manufacture/modification", "causing resource server" should be "causing >>> the resource server". >>> >>> * Also in Section 4. Security and Privacy Threats under "Token >>> manufacture/modification", the normative language here seems out of >>> place. It seems to me that 'may' conveys just as much as 'MAY' for >>> how it is used here. >>> >>> * In Section 5. Requirements under "Prevent the Domino Effect", >>> "Resource Server" is capitalized differently than all previous uses, >>> but it doesn't seem to be a different use. I suggest changing it to >>> "resource server". >>> >>> * In Section 6.3. Key Confirmation, uses the term "privacy key" where >>> I believe the common nomenclature is "private key". >>> >>> * In Section 7. Client and Authorization Server Interaction, I find >>> most of the figures a little hard to follow. While I appreciate the >>> attempt to go beyond strict perpendicularity, I find it distracting >>> from the information it is trying to convey. >>> >>> * In Section 7.1 Symmetric Keys, I think the "three ways for >>> communicating this session key" would benefit having bullets or >>> outline numbers. >>> >>> * In Section 10. Acknowledgements, the second paragraph discusses an >>> appendix that borrows content from another document, but there is no >>> appendix in this draft. Is this text still relevant? >>> >>> >>> -- >>> - m&m >>> >>> Matt Miller >>> Cisco Systems, Inc. >> >> >> >> -- >> >> Best regards, >> Kathleen
- [Gen-art] Telechat review of draft-ietf-oauth-pop… Matt Miller (mamille2)
- Re: [Gen-art] Telechat review of draft-ietf-oauth… Kathleen Moriarty
- Re: [Gen-art] Telechat review of draft-ietf-oauth… Phil Hunt
- Re: [Gen-art] Telechat review of draft-ietf-oauth… Matt Miller (mamille2)