Re: [http-auth] Mirja Kühlewind's No Objection on draft-ietf-httpauth-extension-08: (with COMMENT)

大岩寛 <y.oiwa@aist.go.jp> Sat, 03 September 2016 03:31 UTC

To: Mirja Kuehlewind <ietf@kuehlewind.net>, The IESG <iesg@ietf.org>
Date: Sat, 3 Sep 2016 03:31:26 +0000
Message-ID: <TY1PR01MB0588060814E108BBE9040989A0E40@TY1PR01MB0588.jpnprd01.prod.outlook.com>
References: <147273363289.10148.188400348872297119.idtracker@ietfa.amsl.com>
In-Reply-To: <147273363289.10148.188400348872297119.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-auth/l5haIYHjGvncFXMdXQDfPCKrRdk>
Cc: "http-auth@ietf.org" <http-auth@ietf.org>, "httpauth-chairs@ietf.org" <httpauth-chairs@ietf.org>, "draft-ietf-httpauth-extension@ietf.org" <draft-ietf-httpauth-extension@ietf.org>

Dear Mirja,

thank you for your comments.


> COMMENT:
> ----------------------------------------------------------------------
> 
> 1) The following disclaimer is a little odd:
> 
> "The terms "encouraged" and "advised" are used for suggestions that do
>    not constitute "SHOULD"-level requirements.  People MAY freely choose
>    not to include the suggested items.  However, complying with those
>    suggestions would be a best practice; it will improve the security,
>    interoperability, and/or operational performance."

> Both terms are only used once. I would recommend to remove the text above and
> simply use MAY later in the doc (or not use MAY and leave the later text as
> it is just without the disclaimer).
>
We'll update it.  After we divided a single draft into three parts,
I agree that this clause became too much for this draft.

> 2) I agree that the section on username should point to the security section
> to give a clear warning. However, I also don't really understand why username
> is needed. If there is a good use case for it, maybe it's worth to explain this
> as another example.

We'll add a simple example for this.  Thank you very much.

-- 
Yutaka OIWA, Ph.D.       Leader, Cyber Physical Architecture Research Group
                                  Information Technology Research Institute
    National Institute of Advanced Industrial Science and Technology (AIST)
                         Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]