Re: [Gen-art] Gen-ART Last Call review of draft-ietf-oauth-amr-values-04

Mike Jones <Michael.Jones@microsoft.com> Tue, 17 January 2017 22:51 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, "draft-ietf-oauth-amr-values.all@ietf.org" <draft-ietf-oauth-amr-values.all@ietf.org>
Thread-Topic: Gen-ART Last Call review of draft-ietf-oauth-amr-values-04
Date: Tue, 17 Jan 2017 22:51:10 +0000
Message-ID: <BN3PR03MB2355CADD82A7EF17954B9B71F57C0@BN3PR03MB2355.namprd03.prod.outlook.com>
References: <1ed0ca62-46cb-df58-0626-98c2b0598679@alum.mit.edu>
In-Reply-To: <1ed0ca62-46cb-df58-0626-98c2b0598679@alum.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/gWetxLSxHb-o7Fke3Vd8KuJbd48>
Cc: General Area Review Team <gen-art@ietf.org>
Subject: Re: [Gen-art] Gen-ART Last Call review of draft-ietf-oauth-amr-values-04

Thanks for taking the time to review the specification, Paul.  We appreciate it!



Replies are inline below...



-----Original Message-----
From: Paul Kyzivat [mailto:pkyzivat@alum.mit.edu]
Sent: Sunday, December 11, 2016 4:13 PM
To: draft-ietf-oauth-amr-values.all@ietf.org
Cc: General Area Review Team
Subject: Gen-ART Last Call review of draft-ietf-oauth-amr-values-04



I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.



Document: draft-ietf-oauth-amr-values-04

Reviewer: Paul Kyzivat

Review Date: 2016-12-11

IETF LC End Date: 2016-12-13

IESG Telechat date:



Summary:



This draft is on the right track but has open issues, described in the review.



It is generally well written, with much better guidelines for expert reviewers than I typically see.



Disclaimer:



I'm not well versed in JSON Web Tokens, so I have not considered the pros/cons of having this registry or of the specific values being registered. I have focused on the mechanics of the draft.



Issues:



Major: 0

Minor: 2

Nits:  0



(1) Minor:



Section 6.1 says:



    IANA must only accept registry updates from the Designated Experts
    and should direct all requests for registration to the review mailing
    list.



This is inconsistent with the way IANA Expert Review works, as defined in section 3.3 of RFC5526. Requests go through some channel (e.g. IESG review for standards track RFCs) to the editor and then IANA actions requiring expert review are referred to a designated expert. The expert then approves or denies the request, and approved requests are acted upon by IANA.



Direction of requests to a mailing list is not an IANA function, but could be done by the expert.



Please revise the text and procedures to be consistent with the way Expert Review is intended to work.



The procedure in the specification is the same as that for JWTs, which can be found in https://tools.ietf.org/html/rfc7519#section-10.1.  This, in turn is based on the OAuth registration procedures, which can be found in https://tools.ietf.org/html/rfc6749#section-11.  These procedures are already working well in practice, and by design, provide for public visibility of the experts’ deliberations before the designated experts contact IANA about approved registrations.



Also, per the last paragraph of Section 6.1, it was an explicit goal to be able to reuse the JWT registration procedures and experts.  Therefore, I don’t believe that the current registration language should be changed.



(2) Minor: Section 6.1.1:



There is no specification of the specific character values allowed for AMR names.



This ought to be defined in such a way that IANA can enforce it. If not, then there need to be criteria that are to be enforced by the designated expert.



And exactly what is meant by case-sensitive? It is well defined over ASCII, so this may be ok if the character set is a subset of ASCII, but not if it covers a broader subset of Unicode. It would perhaps be better to define the matching more precisely, such as in terms of octets.



While names are case-sensitive, is it acceptable to register two names that differ only in case?  (Again, this is strictly speaking only relevant for certain alphabets. But there are rules defined for Unicode to avoid values that have confusingly similar renderings.)



Please tighten this up.



This is a good point.  I propose that the character set language from https://tools.ietf.org/html/rfc7638#section-6 also be applied here.  Please let me know if you agree and if so, I’ll update the specification accordingly.



Thanks again,
-- Mike
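
The character-set and case-matching concerns raised in issue (2), as an added example that is not part of the original message or of the draft: a Python check a registry reviewer could run on a proposed name. It assumes the printable-ASCII restriction of RFC 7638 Section 6 (excluding double quote and backslash); `review_name` and the sample registry entries are hypothetical.

```python
import unicodedata

# Constructed sample of already-registered names (illustrative only).
SAMPLE_REGISTRY = ["pwd", "otp", "face"]


def allowed_char(ch):
    """Assumed rule: printable ASCII without '"' and '\\', i.e.
    U+0021, U+0023..U+005B, U+005D..U+007E."""
    cp = ord(ch)
    return cp == 0x21 or 0x23 <= cp <= 0x5B or 0x5D <= cp <= 0x7E


def fold(name):
    """Compatibility-normalize, then case-fold, to expose near-duplicates."""
    return unicodedata.normalize("NFKC", name).casefold()


def review_name(candidate, registered=SAMPLE_REGISTRY):
    """Return a list of findings for a proposed name; empty means clean."""
    if not candidate:
        return ["empty name"]
    findings = []

    # 1. Character set: report every code point outside the allowed range.
    bad = sorted({f"U+{ord(c):04X}" for c in candidate if not allowed_char(c)})
    if bad:
        findings.append("disallowed code points: " + ", ".join(bad))

    # 2. Matching is defined on octets, so an exact duplicate is an
    #    octet-for-octet match of the UTF-8 encodings.
    octets = candidate.encode("utf-8")
    for name in registered:
        if name.encode("utf-8") == octets:
            findings.append(f"already registered: {name}")
        # 3. Distinct octets that collapse to the same folded form are
        #    legal under case-sensitive matching but easy to confuse.
        elif fold(name) == fold(candidate):
            findings.append(f"matches '{name}' after case/compatibility folding")
    return findings


if __name__ == "__main__":
    # Constructed candidates: clean, case variant, fullwidth look-alike, quote.
    for cand in ["hwk", "PWD", "\uff50\uff57\uff44", 'p"wd']:
        print(repr(cand), review_name(cand) or "ok")
```
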