Artart telechat review of draft-ietf-httpbis-message-signatures-17
Harald Alvestrand via Datatracker <noreply@ietf.org> Tue, 06 June 2023 13:16 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5426BC151064 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 6 Jun 2023 06:16:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.948
X-Spam-Level:
X-Spam-Status: No, score=-4.948 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uYN_Uy2FxZ3o for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 6 Jun 2023 06:16:30 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C434C151078 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 6 Jun 2023 06:16:29 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1q6WVX-000EJP-7M for ietf-http-wg-dist@listhub.w3.org; Tue, 06 Jun 2023 13:13:55 +0000
Resent-Date: Tue, 06 Jun 2023 13:13:55 +0000
Resent-Message-Id: <E1q6WVX-000EJP-7M@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <noreply@ietf.org>) id 1q6WVV-000EIS-RD for ietf-http-wg@listhub.w3.org; Tue, 06 Jun 2023 13:13:53 +0000
Received: from mail.ietf.org ([50.223.129.194]) by titan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <noreply@ietf.org>) id 1q6WVU-00DUDx-B4 for ietf-http-wg@w3.org; Tue, 06 Jun 2023 13:13:53 +0000
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B5FECC1519A0; Tue, 6 Jun 2023 06:13:47 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Harald Alvestrand via Datatracker <noreply@ietf.org>
To: art@ietf.org
Cc: draft-ietf-httpbis-message-signatures.all@ietf.org, ietf-http-wg@w3.org, last-call@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 10.5.1
Auto-Submitted: auto-generated
Message-ID: <168605722773.34190.6919716732733945547@ietfa.amsl.com>
Reply-To: Harald Alvestrand <harald@alvestrand.no>
Date: Tue, 06 Jun 2023 06:13:47 -0700
Received-SPF: pass client-ip=50.223.129.194; envelope-from=noreply@ietf.org; helo=mail.ietf.org
X-W3C-Hub-Spam-Status: No, score=-6.2
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1q6WVU-00DUDx-B4 a8bc63d3a6c78d9761329acb4efa597a
X-Original-To: ietf-http-wg@w3.org
Subject: Artart telechat review of draft-ietf-httpbis-message-signatures-17
Archived-At: <https://www.w3.org/mid/168605722773.34190.6919716732733945547@ietfa.amsl.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51137
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Reviewer: Harald Alvestrand Review result: Ready with Issues The most important things I pointed out in my previous review have been at least mentioned in the new draft - the need to look at complete ecosystems (new paragraph in the introduction), better description of re-signing (section 4) and the use of a server as a signature generator (7.3.7). The discussion following the review also indicated a strong community interest in deploying this technology. If my misgivings about the approach (which I still have) are wrong, this is a good standards track document. If my misgivings are correct, this will show itself in deployment. I don't think we should block this going on the standards track in its present form.
- Artart telechat review of draft-ietf-httpbis-mess… Harald Alvestrand via Datatracker