Martin Duke's No Objection on draft-ietf-httpbis-message-signatures-17: (with COMMENT)

Martin Duke via Datatracker <noreply@ietf.org> Wed, 07 June 2023 23:12 UTC

Martin Duke has entered the following ballot position for
draft-ietf-httpbis-message-signatures-17: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-message-signatures/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

What is the position on including national crypto and other potentially
compromised algorithms? Section 6.2 doesn't demand that the DE evaluate
algorithm security, but section 7.3.1 says "The HTTP Message Signatures
Algorithm Registry is one source of trusted signature algorithms for
applications to apply to their messages."

I could see a case for including not provably secure algorithms in the registry
to avoid squatting, assuming they are fully specified, but if this were the
case the registry probably needs a recommended/non-recommended field.