[Id-event] RFC 9493 - Errata

Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 14 December 2023 09:24 UTC

Date: Thu, 14 Dec 2023 11:24:48 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: Roman Danyliw <rdd@cert.org>
CC: id-event@ietf.org, Atul Tulshibagwale <atul@sgnl.ai>, Prachi Jain <prachi.jain1288@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/-S-MsO2W6PeFF_O5kjP8om-7QNM>

Hi Roman,

We seem to have consensus that the errata [1] should be marked “verified”. Since the SecEvent WG is concluded, you get the honor of resolving the errata per the IESG statement [2].

Also, there is precedent to IANA acting on verified errata [3], so we should be fine.

Thanks, and Happy Holidays!

                Yaron

[1] https://www.rfc-editor.org/errata/eid7727

[2] https://www.ietf.org/about/groups/iesg/statements/processing-errata-ietf-stream/

[3] https://www.rfc-editor.org/errata/rfc7854

 

 

From: Prachi Jain <prachi.jain1288@gmail.com>
Date: Wednesday, 13 December 2023 at 21:43
To: Atul Tulshibagwale <atul@sgnl.ai>
Cc: Yaron Sheffer <yaronf.ietf@gmail.com>, <id-event@ietf.org>
Subject: Re: [Id-event] RFC 9493 on Subject Identifiers for Security Event Tokens

 

This does seem like an error and should be fixed.

On Tue, Dec 12, 2023 at 2:58 PM Atul Tulshibagwale <atul@sgnl.ai> wrote:

Hi Yaron,

I was referring to the use of the term "Security Event Identifier Formats Repository" in the rest of the document. The errata has been updated to reflect this now.

https://www.rfc-editor.org/errata/eid7727

Thanks,

Atul

 

On Tue, Dec 12, 2023 at 10:59 AM Yaron Sheffer <yaronf.ietf@gmail.com> wrote:

Hi Atul,

Back to your original mail, “there are a few more changes that will flow from there, if this is considered to be an error.” Could you say what these changes are, so we can deal with this all in one go?

Thanks,

                Yaron

 

From: Atul Tulshibagwale <atul@sgnl.ai>
Date: Tuesday, 12 December 2023 at 0:32
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Cc: Prachi Jain <prachi.jain1288@gmail.com>, <id-event@ietf.org>
Subject: Re: [Id-event] RFC 9493 on Subject Identifiers for Security Event Tokens

 

Hi Yaron,

I believe it is an error, because what is described in the RFC is not "Security Event Identifiers", they are "Subject Identifiers" within Security Event Tokens.

I agree that the content of the registry matters more, but I am writing a draft that relies on this RFC and this registry in particular. It uses the same Subject Identifier formats, but not within SETs, and the API I'm defining in my draft has nothing to do with Security Events. Therefore it becomes confusing to the readers of my draft to be referencing an IANA registry named "Security Event Identifier Format Registry".

I've filed an errata now: https://www.rfc-editor.org/errata/eid7727. I'm happy to discuss with the WG.

Thanks,

Atul

 

 

On Mon, Dec 11, 2023 at 1:51 PM Yaron Sheffer <yaronf.ietf@gmail.com> wrote:

Hi Atul,

I am personally on the fence here because the original context is identifiers used in security events. See the RFC’s Introduction, where we start with security events and then slowly broaden the scope. However, if you think this is in error and should be fixed, feel free to file an errata [1] and we will discuss it.

Ultimately what counts is the IANA registry [2] and whether it is comprehensible and useful.

Thanks,

                Yaron

[1] https://www.rfc-editor.org/errata.php#reportnew

[2] https://www.iana.org/assignments/secevent/secevent.xhtml

 

From: Atul Tulshibagwale <atul@sgnl.ai>
Date: Monday, 11 December 2023 at 21:54
To: Prachi Jain <prachi.jain1288@gmail.com>
Cc: Yaron Sheffer <yaronf.ietf@gmail.com>, <id-event@ietf.org>
Subject: Re: [Id-event] RFC 9493 on Subject Identifiers for Security Event Tokens

 

Thanks Yaron,

I think I discovered an issue with the spec, just as I was trying to refer to it:

Section 8.1 is named "Security Event Identifier Formats Registry". Should it be named "Subject Identifier Formats Registry"? There are a few more changes that will flow from there, if this is considered to be an error.

Atul

 

 

On Thu, Dec 7, 2023 at 3:51 AM Prachi Jain <prachi.jain1288@gmail.com> wrote:

Thanks Yaron. Truly appreciate the guidance and support in getting this past the finish line. 

 

On Thu, Dec 7, 2023 at 5:04 AM Yaron Sheffer <yaronf.ietf@gmail.com> wrote:

Congratulations on this last deliverable of the Security Events working group. Thanks to Annabelle and Prachi who drove this document to completion!

        Yaron

On 07/12/2023, 3:06, "id-event-bounces@ietf.org on behalf of rfc-editor@rfc-editor.org" wrote:


A new Request for Comments is now available in online RFC libraries.




RFC 9493

Title: Subject Identifiers for Security Event Tokens
Author: A. Backman, Ed., M. Scurtescu, P. Jain
Status: Standards Track
Stream: IETF
Date: December 2023
Mailbox: richanna@amazon.com, marius.scurtescu@coinbase.com, prachi.jain1288@gmail.com
Pages: 18
Updates/Obsoletes/SeeAlso: None

I-D Tag: draft-ietf-secevent-subject-identifiers-18.txt

URL: https://www.rfc-editor.org/info/rfc9493

DOI: 10.17487/RFC9493


Security events communicated within Security Event Tokens may support
a variety of identifiers to identify subjects related to the event.
This specification formalizes the notion of Subject Identifiers as
structured information that describes a subject and named formats
that define the syntax and semantics for encoding Subject Identifiers
as JSON objects. It also establishes a registry for defining and
allocating names for such formats as well as the JSON Web Token (JWT)
"sub_id" Claim.


This document is a product of the Security Events Working Group of the IETF.


This is now a Proposed Standard.


STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and suggestions
for improvements. Please refer to the current edition of the Official
Internet Protocol Standards (https://www.rfc-editor.org/standards) for the
standardization state and status of this protocol. Distribution of this
memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
https://www.ietf.org/mailman/listinfo/ietf-announce
https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.




The RFC Editor Team
Association Management Solutions, LLC


_______________________________________________
Id-event mailing list
Id-event@ietf.org
https://www.ietf.org/mailman/listinfo/id-event



