John Scudder's No Objection on draft-ietf-httpbis-message-signatures-17: (with COMMENT)
John Scudder via Datatracker <noreply@ietf.org> Wed, 07 June 2023 23:47 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74CE6C14CE53 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 7 Jun 2023 16:47:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.645
X-Spam-Level:
X-Spam-Status: No, score=-2.645 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LdnTS_vBPUTE for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 7 Jun 2023 16:47:55 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0E24C14CF1C for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 7 Jun 2023 16:47:55 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1q72sP-004Wpi-Sj for ietf-http-wg-dist@listhub.w3.org; Wed, 07 Jun 2023 23:47:41 +0000
Resent-Date: Wed, 07 Jun 2023 23:47:41 +0000
Resent-Message-Id: <E1q72sP-004Wpi-Sj@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <noreply@ietf.org>) id 1q72sO-004WoP-0t for ietf-http-wg@listhub.w3.org; Wed, 07 Jun 2023 23:47:40 +0000
Received: from mail.ietf.org ([50.223.129.194]) by mimas.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <noreply@ietf.org>) id 1q72sM-007fmm-CM for ietf-http-wg@w3.org; Wed, 07 Jun 2023 23:47:39 +0000
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FB8CC14CF1C; Wed, 7 Jun 2023 16:47:34 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: John Scudder via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-httpbis-message-signatures@ietf.org, httpbis-chairs@ietf.org, ietf-http-wg@w3.org, tpauly@apple.com, tpauly@apple.com
X-Test-IDTracker: no
X-IETF-IDTracker: 10.5.1
Auto-Submitted: auto-generated
Reply-To: John Scudder <jgs@juniper.net>
Message-ID: <168618165412.33273.13827035229803230227@ietfa.amsl.com>
Date: Wed, 07 Jun 2023 16:47:34 -0700
Received-SPF: pass client-ip=50.223.129.194; envelope-from=noreply@ietf.org; helo=mail.ietf.org
X-W3C-Hub-Spam-Status: No, score=-6.2
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1q72sM-007fmm-CM 6744f6c67e62fd06ce91a577c8af87a2
X-Original-To: ietf-http-wg@w3.org
Subject: John Scudder's No Objection on draft-ietf-httpbis-message-signatures-17: (with COMMENT)
Archived-At: <https://www.w3.org/mid/168618165412.33273.13827035229803230227@ietfa.amsl.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51139
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
John Scudder has entered the following ballot position for draft-ietf-httpbis-message-signatures-17: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- # John Scudder, RTG AD, comments for draft-ietf-httpbis-message-signatures-17 CC @jgscudder Thanks for this thorough and well-written spec. Although I haven't done anything like a detailed line-by-line review of it, I noticed a few minor things to comment on (some are just proofreading), I hope some of these are helpful. ## COMMENTS ### General, keyword rendering You have numerous keywords identified in the source by enclosing them in <tt></tt>. This works well (or well enough) to distinguish them for what they are in the HTML rendering, but unfortunately in the txt rendering, xml2rfc does exactly and only what RFC 7991 says: renders them in a constant-width font. Since in the txt rendering, everything else is in a constant-width font too (or to split hairs, really no font information is present) this means there's nothing at all to distinguish the keywords you've gone to the trouble of identifying in your source, in the txt rendering, <tt> is basically a no-op. For the most part this is OK, context makes it clear enough, but I noticed one place where it creates ambiguity in the txt rendering. In Section 1.4, first bullet, you have For example, an authorization protocol could mandate that the Authorization field be covered to protect the authorization credentials and mandate the signature parameters contain a created parameter, In this case, there's nothing to cue a reader that "created" is the name of a particular parameter, and not an adjective being used to describe "parameter". This isn't a huge problem even in this case, and I haven't identified any more-problematic instances (although I've made no effort to audit all 448 <tt> uses). Arguably this is something for the RSWG and not the authors at all, but I wanted to make sure you were aware of it. If you've only been reviewing the HTML rendering you may never have seen the issue. ### Section 1.1, quibble about "Unix time" The term "Unix time" is defined by [POSIX.1], Section 4.16 The string "Unix time" never appears in the reference. Though the text is correct as written, if closely parsed, it might be nice to write it a little more bluntly, as in The term "Unix time" refers to what [POSIX.1], Section 4.16 calls "Seconds Since the Epoch." ### Section 2.5, imprecision in step (2)(1) 1. Check that the component identifier (including its parameters) has not already been added to the signature base. If this happens, produce an error. I think a close and uncharitable reading of this step leaves "this" without a clear referent. It's clear enough from context what you mean, so I'm not really worried, but it's nice for algorithms to be as unambiguous as possible. Perhaps something like 1. If the component identifier (including its parameters) has already been added to the signature base, produce an error. would do the job. ### Section 2.5, even nittier nit in (2)(5) bullet 2 * If the component identifier has several incompatible parameters, such as bs and sf, produce an error. Perhaps replace "several" with "two or more" or rewrite as "... has parameters that are mutually incompatible" or "... has parameters that are incompatible with one another". ### Section 2.5, another nit If covered components reference a component identifier that cannot be resolved to a component value in the message, the implementation MUST produce an error and not create a signature base. Such situations are included but not limited to: Last line should be something like "include, but are not limited to:" ### Section 6.2, spurious "are" The Designated Expert (DE) is expected to ensure that the algorithms referenced by a registered algorithm identifier are fully defined with all parameters (such as salt, hash, required key length, etc) are fixed by the defining text. The DE is expected to ensure that I think the "are" in "are fixed by the defining text" should be deleted. ### Section 8.4 A possible mitigation for this specific situation would be for the intermediary to verify the signature itself, then modifying the message to remove the privacy-sensitive information. "then modifying" -> "and then modify" ## Notes This review is in the ["IETF Comments" Markdown format][ICMF], You can use the [`ietf-comments` tool][ICT] to automatically convert this review into individual GitHub issues. [ICMF]: https://github.com/mnot/ietf-comments/blob/main/format.md [ICT]: https://github.com/mnot/ietf-comments
- John Scudder's No Objection on draft-ietf-httpbis… John Scudder via Datatracker
- Re: John Scudder's No Objection on draft-ietf-htt… Justin Richer