Re: [Id-event] Push Delivery: working group last call

Mike Jones <Michael.Jones@microsoft.com> Mon, 11 March 2019 03:44 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Annabelle Richard <richanna@amazon.com>, Dick Hardt <dick.hardt@gmail.com>, SecEvent <id-event@ietf.org>
CC: Yaron Sheffer <yaronf.ietf@gmail.com>, "Morteza Ansari (moransar)" <moransar@cisco.com>, Phil Hunt <phil.hunt@oracle.com>, Anthony Nadalin <tonynad@microsoft.com>, Marius Scurtescu <marius.scurtescu@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/LSz6QIWYAQ-N_9uKaz0EWUD12_8>

Having just finished editing the Poll spec, I’d like to add these points to my review of the Push spec.

5.2 TLS Support Considerations – Please change the sentence “In such cases, SET Transmitters and SET Recipients MUST require the use of a transport-layer security mechanism” to “In such cases, SET Transmitters and SET Recipients MUST encrypt the SET, either with a transport-layer security mechanism, with JWE <xref target="RFC7516"/>, or both”.  This will address my comment below and will match the corresponding text in draft-ietf-secevent-http-poll-02.

Acknowledgments – Delete the colon before draft-hunt-scim-notify-00 (matching a change to poll).

Acknowledgments – Change “the the SECEVENTS” to “the SecEvents” (matching a change to poll).

                                                       Thanks,
                                                       -- Mike

From: Mike Jones
Sent: Saturday, March 9, 2019 9:46 AM
To: 'Dick Hardt' <dick.hardt@gmail.com>; SecEvent <id-event@ietf.org>
Cc: Yaron Sheffer <yaronf.ietf@gmail.com>; Annabelle Richard <richanna@amazon.com>; Morteza Ansari (moransar) <moransar@cisco.com>; Phil Hunt <phil.hunt@oracle.com>; Anthony Nadalin <tonynad@microsoft.com>; Marius Scurtescu <marius.scurtescu@gmail.com>
Subject: RE: Push Delivery: working group last call

Here’s my review of draft-ietf-secevent-http-push-04.

Abstract – Delete the comma after “recipient”.

1.2 Definitions – Delete “as defined in [RFC8417]” as this was already cited in the introductory sentence.

1.2 Definitions – Delete entire “SET Recipient” definition, as this is already defined in RFC 8417.

2. SET Delivery – “SET Transmission Request” sounds like a defined term, but isn’t defined.  Please lowercase “transmission request”.

2. SET Delivery – Delete the comma after “acknowledging successful transmission of the SET”.

2. SET Delivery – Change “SET issuer” to “SET Issuer” in the fourth bullet (and wherever else it’s in lowercase).

2. SET Delivery – In “The mechanism for validating the authenticity of a SET is implementation specific” change “implementation specific” to “use case specific” or “deployment specific”, as it’s the use case that defines the validation rules – not the implementation.

2.1 Transmitting a SET – Change “may be implementation-specific” to “are use case specific”.

2.1 Transmitting a SET – Delete the second space in “POST /Events  HTTP/1.1”.

2.1 Transmitting a SET – Delete the signature value “c2lnbmF0dXJl” from the example JWT, since “alg”:”none” signatures must be empty.

2.2 Success Response – Delete the quotation marks around “acknowledge”.

3. Authentication and Authorization – Add a comma before “as per [RFC7235]”.

5.2 TLS Support Considerations.  Saying that a transport-layer security mechanism is REQUIRED when SETs contain PII is unnecessarily heavy-handed.  The SET could be JWE-encrypted, in which case the PII is already protected – so no transport-level security mechanism is needed in that case.  Please reword this to say that PII must be protected with encryption, either by using an encrypted SET or by using transport-level encryption.

7.1.1 Registration Template, Error Code – Please change the allowed characters to match those allowed in OAuth 2.0 “error” values.  See https://tools.ietf.org/html/rfc6749#appendix-A.7.

7.1.1 Registration Template, Change Controller – Change “Secevent” to “SecEvent”.

7.1.2 Initial Registry Contents, invalid_request – Delete the comma after “parsed as a SET”.

7.1.2 Initial Registry Contents, invalid_key – Delete the period between “SET Recipient” and “(e.g.” and add a period at the end of the description.

7.1.2 Initial Registry Contents, access_denied – Delete the word “provided”, as it is confusing and adds no actionable information.

Appendix A, Other Streaming Specifications – Add text saying that the working group is also defining the Poll transmission mechanism and reference draft-ietf-secevent-http-poll.  Perhaps include the description of this functionality from the abstract of the specification.

                                                       Thanks,
                                                       -- Mike
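Two of the points in the review above, the empty signature part of an "alg":"none" JWT (2.1) and the OAuth 2.0 character set for error codes (7.1.1), as an added Python example that is not code from the review or from the Push draft. The error-body member names "err" and "description", the invalid_key mapping for an unsecured SET, and the sample token are assumptions of this example.

```python
import base64
import json
import re

# RFC 6749 Appendix A.7: error = 1*NQSCHAR, NQSCHAR = %x20-21 / %x23-5B / %x5D-7E
_NQSCHAR = re.compile(r"[\x20-\x21\x23-\x5B\x5D-\x7E]+")

def is_valid_error_code(code: str) -> bool:
    """True if code uses only the characters OAuth 2.0 allows in an "error" value."""
    return _NQSCHAR.fullmatch(code) is not None

def error_response(code: str, description: str) -> dict:
    """Error body for a Push error reply. The member names "err" and
    "description" are an assumption of this example, not from the thread."""
    if not is_valid_error_code(code):
        raise ValueError("error code is not NQSCHAR")
    return {"err": code, "description": description}

def _b64url_decode(segment: str) -> bytes:
    # JWS base64url omits padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_set_structure(token: str, allow_unsecured: bool = False) -> tuple:
    """Structural check a SET Recipient runs before signature verification.
    Returns (ok, error_code). Keep allow_unsecured False outside test
    fixtures: an "alg":"none" SET carries no proof of who issued it."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "invalid_request"
    try:
        header = json.loads(_b64url_decode(parts[0]))
        alg = header.get("alg")
    except (ValueError, AttributeError):  # bad base64url/UTF-8/JSON or non-object
        return False, "invalid_request"
    if alg == "none":
        # RFC 7519 section 6: an unsecured JWT has an empty signature part, so a
        # trailing value such as "c2lnbmF0dXJl" makes the token malformed.
        if parts[2] != "":
            return False, "invalid_request"
        # Mapping "no acceptable key" to invalid_key is this example's choice.
        return (True, None) if allow_unsecured else (False, "invalid_key")
    if parts[2] == "":
        return False, "invalid_request"  # a signed JWS needs a signature part
    return True, None

def unsecured_set(payload: dict) -> str:
    """Constructed "alg":"none" SET for tests: header.payload. with empty signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return enc({"alg": "none", "typ": "secevent+jwt"}) + "." + enc(payload) + "."
```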

From: Dick Hardt <dick.hardt@gmail.com>
Sent: Thursday, January 24, 2019 10:11 AM
To: SecEvent <id-event@ietf.org>
Cc: Yaron Sheffer <yaronf.ietf@gmail.com>; Annabelle Richard <richanna@amazon.com>; Mike Jones <Michael.Jones@microsoft.com>; Morteza Ansari (moransar) <moransar@cisco.com>; Phil Hunt <phil.hunt@oracle.com>; Anthony Nadalin <tonynad@microsoft.com>; Marius Scurtescu <marius.scurtescu@gmail.com>
Subject: Push Delivery: working group last call

Dear SecEvent participants,

This is to start a 2-week working group last call on draft-ietf-secevent-http-push-04

https://datatracker.ietf.org/doc/draft-ietf-secevent-http-push/

until Feb 8, 2019.

Please send any comments to the list. In addition, if you have no comments but support publication of this document as-is, please make your voice heard.

Thanks,

     Dick and Yaron