Re: [Gen-art] Gen-ART Last Call review of draft-hodges-webauthn-registries-05

Mike Jones <Michael.Jones@microsoft.com> Wed, 13 May 2020 23:49 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, "draft-hodges-webauthn-registries.all@ietf.org" <draft-hodges-webauthn-registries.all@ietf.org>
CC: General Area Review Team <gen-art@ietf.org>, Benjamin Kaduk <kaduk@mit.edu>
Date: Wed, 13 May 2020 23:49:04 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/c-d1MhkuuRvofWilQ7kXbiuFhzg>

Thanks for your review, Paul.  After consultation with Jeff Hodges, we've decided to delete the language about defining additional fields.  (This language was copied from RFC 8288 but we decided that it wasn't needed for the purposes of this specification.)

You can see proposed updated source for -06 at https://github.com/w3c/webauthn/pull/1415.

				Thanks again,
				-- Mike

-----Original Message-----
From: Paul Kyzivat <pkyzivat@alum.mit.edu> 
Sent: Monday, April 13, 2020 11:19 AM
To: draft-hodges-webauthn-registries.all@ietf.org
Cc: General Area Review Team <gen-art@ietf.org>
Subject: Gen-ART Last Call review of draft-hodges-webauthn-registries-05

I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair.  Please treat these comments just like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-hodges-webauthn-registries-05
Reviewer: Paul Kyzivat
Review Date: 2020-04-13
IETF LC End Date: 2020-04-29
IESG Telechat date: ?

Summary:

This draft is on the right track but has open issues, described in the review.

Issue: Additional registry fields defined by experts

Section 2 specifies that experts are allowed to define additional fields to be collected in the registry. It isn't clear to me how this is intended to work, or could work. Some concerns that come to mind are:

* Is this on a per-registration basis? Once a new field has been requested, must that field be retroactively added to all preexisting registrations and all future entries in the registry?

* How will someone who is consulting the registry discover the meaning of the new fields?

* Does IANA have procedures to handle this sort of modification to the registries?

ISTM that the "Notes" field can already be used for extra format-specific data. Adding additional fields that apply to all entries would be better served by a formal revision to the registry.

If you really want to preserve this ability for experts to add fields then you need to specify in great detail how this is to work, and verify with IANA that it is feasible.

Otherwise the document seems ready to go.