Re: AD Review of draft-ietf-httpbis-client-cert-field-04

Brian Campbell <bcampbell@pingidentity.com> Tue, 07 February 2023 22:29 UTC

From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 07 Feb 2023 15:28:54 -0700
Message-ID: <CA+k3eCR2KHupXLC3XNDv52RHSbrcbSmpbh5i2Yp4-Npaj9vsxw@mail.gmail.com>
To: Francesca Palombini <francesca.palombini@ericsson.com>
Cc: "draft-ietf-httpbis-client-cert-field@ietf.org" <draft-ietf-httpbis-client-cert-field@ietf.org>, HTTP Working Group <ietf-http-wg@w3.org>

Thanks Francesca,

Some followup comments/questions are inline below.

On Mon, Feb 6, 2023 at 9:42 AM Francesca Palombini <
francesca.palombini@ericsson.com> wrote:

> # AD Review of draft-ietf-httpbis-client-cert-field-04
>
> cc @fpalombini
>
> Thank you for this document.
>
> No major comments from me, only one comment around a normative MUST and
> some nits, which you can address together with any other last call comments.
>
> I also note that the consensus of the wg is for it to be informational,
> which is fine since I understand this document is meant to be the reference
> specification for two IANA registrations that are "specification required",
> but it read to me as a standard track doc. As the wg has discussed and
> gotten consensus around informational, I don't expect any change, just
> bringing it up one last time before LC since I expect there might be more
> comments in LC and IESG eval.
>
> ## Comments
>
> ### MUST prevent unintended use
>
> Section 4:
>
> > Therefore, steps MUST be taken to prevent unintended use, both in
> > sending the header field and in relying on its value.
>
> This might simply be a formulation problem, but when I read it I am not
> sure this is a MUST the reader will know how to implement.

The idea with that sentence was that the 'how' is described in the rest of
the section. The keyword MUST probably isn't appropriate there. And a bit
more context might be useful too. Would changing it to this sentence
address that formulation problem? Or maybe I'm missing your point...

"Therefore, steps such as those described below need to be taken to prevent
unintended use, both in sending the header field and in relying on its
value."


>
> ## Nits
>
> ### Editorial nits
>
> Section 4:
>
> > The configuration options and request sanitization are necessarily
> > functionally of the respective servers.
>
> s/necessarily functionally/necessary functions ?

Either works I think :) But I'll change it.



> ### Considerations considered
>
> Funny title for Appendix B :) Where are the considerations not considered?

It was actually intended to be somewhat humorous. :)  I was trying to
convey something like "these are some things that were considered" to
hopefully avoid questions about whether they'd been considered. Kind of
like a FAQ for the general approach taken by the document. Also I didn't
feel great about other potential titles there. But I can see how the title
doesn't look great. I know this sounds silly but I'm not sure what the
section title should be. Maybe "Document Considerations" "General
Considerations" or "Design Considerations"? Or something else that I'm not
able to think of?


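The "steps to prevent unintended use, both in sending the header field and in relying on its value" that the review and reply discuss, shown as an added Python example that is not code from the draft or from either correspondent. It assumes the field names Client-Cert and Client-Cert-Chain, and that the field value is a Structured Fields Byte Sequence (colon-delimited base64) carrying the DER certificate; the "is this connection from my trusted proxy" decision is reduced to a boolean parameter standing in for the server's configuration, and the certificate bytes are a constructed placeholder rather than a real certificate.

```python
import base64
from typing import Dict, Optional

# Field names as used by draft-ietf-httpbis-client-cert-field (assumed here).
CLIENT_CERT = "client-cert"
CLIENT_CERT_CHAIN = "client-cert-chain"
SANITIZED_FIELDS = {CLIENT_CERT, CLIENT_CERT_CHAIN}

# Constructed stand-in for a DER-encoded certificate: a minimal DER SEQUENCE
# holding INTEGER 1. It is not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")


def sf_byte_sequence(raw: bytes) -> str:
    """Serialize raw bytes as an RFC 8941 Structured Field Byte Sequence."""
    return ":" + base64.b64encode(raw).decode("ascii") + ":"


def parse_sf_byte_sequence(value: str) -> bytes:
    """Parse a Byte Sequence strictly; malformed input raises ValueError."""
    if len(value) < 2 or value[0] != ":" or value[-1] != ":":
        raise ValueError("not a Structured Field Byte Sequence")
    return base64.b64decode(value[1:-1], validate=True)


def normalize(headers: Dict[str, str]) -> Dict[str, str]:
    """Lower-case field names so lookups are case-insensitive."""
    return {name.lower(): value for name, value in headers.items()}


def proxy_forward(incoming: Dict[str, str],
                  validated_client_cert: Optional[bytes]) -> Dict[str, str]:
    """Sending side: the TLS-terminating reverse proxy.

    Request sanitization: any Client-Cert or Client-Cert-Chain field that
    arrived from the outside is dropped unconditionally, so a client cannot
    assert an identity by supplying the field itself. The field is then set
    only from the certificate the proxy validated on its own TLS connection,
    and is absent when no client certificate was presented.
    """
    forwarded = {name: value for name, value in normalize(incoming).items()
                 if name not in SANITIZED_FIELDS}
    if validated_client_cert is not None:
        forwarded[CLIENT_CERT] = sf_byte_sequence(validated_client_cert)
    return forwarded


def origin_client_cert(request_headers: Dict[str, str],
                       from_trusted_proxy: bool) -> Optional[bytes]:
    """Relying side: the origin server.

    Configuration option: the field is honoured only on connections the
    origin is configured to accept from its proxy (from_trusted_proxy stands
    in for that check, e.g. a dedicated listener or the proxy's own mTLS
    identity). On any other connection the field is ignored, and a value
    that does not parse is treated as no certificate at all.
    """
    if not from_trusted_proxy:
        return None
    value = normalize(request_headers).get(CLIENT_CERT)
    if value is None:
        return None
    try:
        return parse_sf_byte_sequence(value)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed request: an outside client tries to supply its own field.
    request = {"Host": "api.example", "Client-Cert": ":Zm9yZ2Vk:"}
    forwarded = proxy_forward(request, SAMPLE_DER)
    print(forwarded)
    print(origin_client_cert(forwarded, from_trusted_proxy=True) == SAMPLE_DER)
    print(origin_client_cert(forwarded, from_trusted_proxy=False))
```

The two functions are the two halves of the sentence under discussion: `proxy_forward` is what the sending side has to do regardless of what the client sent, and `origin_client_cert` is what the relying side has to do regardless of what the field contains. Neither half is sufficient alone; a proxy that sanitizes correctly is undone by an origin that is also reachable without the proxy, and an origin that checks the peer is undone by a proxy that passes client-supplied fields through.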