Re: [Gen-art] Genart last call review of draft-ietf-httpbis-expect-ct-07
Emily Stark <estark@google.com> Tue, 06 November 2018 17:22 UTC
Return-Path: <estark@google.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A799130DEF for <gen-art@ietfa.amsl.com>; Tue, 6 Nov 2018 09:22:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.5
X-Spam-Level:
X-Spam-Status: No, score=-17.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QLT1xm47HN5B for <gen-art@ietfa.amsl.com>; Tue, 6 Nov 2018 09:22:09 -0800 (PST)
Received: from mail-yw1-xc2f.google.com (mail-yw1-xc2f.google.com [IPv6:2607:f8b0:4864:20::c2f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2EAA12F1AB for <gen-art@ietf.org>; Tue, 6 Nov 2018 09:22:08 -0800 (PST)
Received: by mail-yw1-xc2f.google.com with SMTP id h21-v6so5456935ywa.3 for <gen-art@ietf.org>; Tue, 06 Nov 2018 09:22:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ScTxqGZc1RmJjWvl1la0cgj/fCoR1aMKtiMAxJUfjPs=; b=QHftJgLxPxMsZXTUR/gcALaZWubuD6ryi86XTz9/2tjoVAimIU2zw1ZcuPgi74Qvc7 CrtsGxeUbrNtIc92F7Z4ii3sE5d1yWRYiFhBvjd7nQRQS8sM3RYNEUA+SmPb4eaFY0XP yvKHmNuZCi3ghewWkhmYPZXtOYszMU6otmNuSq/6spiMTE0GEl96/L41alFqyUy5CMkj h2I6ySL6TGpqcqvA2EV2ADHZ3yVXgWnUWqaF/wVNbHpirmU9nR1x7IWsdk/+Rcyv03kA aszvxFHFg8O765aO+4soDSM1zTKI6GJLRPEL+G4cYMTBBkGs5mbw6kTbgRGj/IVdRA62 sOeQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ScTxqGZc1RmJjWvl1la0cgj/fCoR1aMKtiMAxJUfjPs=; b=ale4g38Lxrd4baTcgXT9y7u8vHfsdZFjJx1/JeVJC0TCryGldSnSP8ONtKtyN1W1UX iyZ+epCz3mX1xBZ/C1gbrOh9FKirob6eU5l9Do6SOPoym+egHy27qq8CPAcPtK8pJdwG 9kQxwC5Len6c92GXsVKyZGcQQTT+5gvSZ02Oj+fC9LV2/EVHinZTwkP24meLyFivnG+C J1wKk+W9lZq115cKYrPj1M6SW5buPChbK/cDZwzp3lk7oGBtuB5gP1Try1peuuy8LR9J huXzsLTx8IDQzPMqAptlZqMRLFYNwjDxIO6sAsdCWuDhJ1/dY/hcZTlQ9lVA90DTOmBP JW2A==
X-Gm-Message-State: AGRZ1gLjGN+Lru6EmRMxPlQ6X/T/AbcTCaDGvkPRvPkVp9lKV50FogHy EYX2VDrCgnCMf28TPCgdFtcY7cEWPCYyVeggpFm0TQ==
X-Google-Smtp-Source: AJdET5f1ZINh2nV3F58h5XDbHH7ZwqBwUqKQwZ9+5VCcC3QErjcTc/fUmC2Z154xRXoCag967iSPhgCJfeMxVoPI+04=
X-Received: by 2002:a0d:f1c4:: with SMTP id a187-v6mr1637705ywf.482.1541524927735; Tue, 06 Nov 2018 09:22:07 -0800 (PST)
MIME-Version: 1.0
References: <153373436209.6619.4659166145359716789@ietfa.amsl.com>
In-Reply-To: <153373436209.6619.4659166145359716789@ietfa.amsl.com>
From: Emily Stark <estark@google.com>
Date: Tue, 06 Nov 2018 09:21:55 -0800
Message-ID: <CAPP_2SabH04hizmJu-tABDnZkot3MJE+cqPo7bdqsqe9h4P0Cw@mail.gmail.com>
To: vijay.gurbani@nokia.com
Cc: gen-art@ietf.org, draft-ietf-httpbis-expect-ct.all@ietf.org, ietf@ietf.org, httpbis <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="000000000000bb5236057a023dd2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/rFOEOLFXQnb-9RpBYrswKhf8GVw>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-httpbis-expect-ct-07
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Nov 2018 17:22:11 -0000
Thanks for the comments! I've addressed these in https://github.com/httpwg/http-extensions/commit/98ba23ab8c7435f46f5e677cbea54cc215e07d24 (with some replies inline). On Fri, Aug 31, 2018 at 8:53 AM Vijay Gurbani <vijay.gurbani@nokia.com> wrote: > Review result: Ready with Nits > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please treat these comments just > like any other last call comments. > > For more information, please see the FAQ at > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > > Document: draft-ietf-httpbis-expect-ct-?? > Reviewer: Vijay K. Gurbani > Review Date: 2018-08-08 > IETF LC End Date: 2018-08-14 > IESG Telechat date: Not scheduled for a telechat > > Summary: Ready with nits. > > Major issues: 0 > > Minor issues: 4 > > Nits/editorial comments: 3 > > Minor: > 1/ S1, s/future/subsequent/ > > 2/ S2.1, list item 4: "UAs must not attempt to fix" --> any reason "must > not" > is not normative? (Okay to leave it like this, I am just curious as to > why not simply make it normative.) > This was already fixed in a previous editor's draft. > > 3/ S2.3.2.1: Why the qualification "error-free TLS conection"? Does that > imply that other TLS connections are error-prone? I suspect that the > "error-free" qualifier to the "TLS connection" has to do with the > validation in S2.4 (as indicated by the text in brackets). If so, then > perhaps this is better stated as "Upon receipt of the Expect-CT response > header field over a TLS connection validated as described in Section 2.4, > the UA ..." > > "Error-free" here is meant to refer to RFC 5280 certificate chain validation as well as any other validation that UAs apply to TLS connections, in addition to the validation described in Section 2.4. I've added a parenthetical to clarify that. > 4/ S7: Does it make sense to enumerate one or more means on how UAs > should explain the reason? A specific HTTP header? JSON body? May > help doing so for the sake of being explicit while designing protocols, > and perhaps it can help interoperability. > This is meant to be end-user-facing, e.g. a certificate error page in a web browser, which I've tried to clarify in the text. > > Nits: > 1/ Abstract: either one of the following substitutions will work better: > s/header field, named Expect-CT, that/header field named Expect-CT, which/ > s/header field, named Expect-CT, that/header field, Expect-CT, which/ > > (There are other examples like this that should be edited. > Another one appears in S2.3.2: "If the UA receives, over a secure > transport, > an HTTP response that includes ..." => this can be better worded as "If > the UA receives an HTTP response over a secure transport that includes > ...") > > 2/ S2.1: list item 4: s/value data, that/value data that/ > > 3/ S4: s/could themselves only cure/can mitigate/ > > > > > > >
- [Gen-art] Genart last call review of draft-ietf-h… Vijay Gurbani
- Re: [Gen-art] Genart last call review of draft-ie… Emily Stark