Re: [Id-event] Alissa Cooper's No Objection on draft-ietf-secevent-token-11: (with COMMENT)

Phil Hunt <phil.hunt@oracle.com> Wed, 09 May 2018 23:25 UTC

Cc: The IESG <iesg@ietf.org>, draft-ietf-secevent-token@ietf.org, Yaron Sheffer <yaronf.ietf@gmail.com>, secevent-chairs@ietf.org, id-event@ietf.org
To: Alissa Cooper <alissa@cooperw.in>
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/5EFThFB-oOLlfrGk7UNsI1doOXE>

Alissa,

Your feedback is now posted in draft 12. 

Thanks again,

Phil

Oracle Corporation, Identity Cloud Services Architect
@independentid
www.independentid.com <http://www.independentid.com/>
phil.hunt@oracle.com <mailto:phil.hunt@oracle.com>

> On May 9, 2018, at 12:30 PM, Alissa Cooper <alissa@cooperw.in> wrote:
> 
> Alissa Cooper has entered the following ballot position for
> draft-ietf-secevent-token-11: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-secevent-token/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> = Sec. 5.1 =
> 
> "Security events distributed through third parties or that carry
>   personally identifiable information SHOULD be encrypted using JWE
>   [RFC7516] or secured for confidentiality by other means."
> 
> The SHOULD here seems like it should be a MUST unless there are obvious exception cases.
> 
> = Sec. 5.2 =
> 
> "In
>   addition to confidentiality and integrity (discussed above),
>   implementers and profiling specifications MUST consider the
>   consequences of delivery mechanisms that are not secure and/or not
>   assured."
> 
> The "implementers ... MUST consider" construction seems like an odd use of normative language.
> 
>