Re: [Id-event] Benjamin Kaduk's Yes on draft-ietf-secevent-http-poll-11: (with COMMENT)

Mike Jones <Michael.Jones@microsoft.com> Thu, 25 June 2020 04:06 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Benjamin Kaduk <kaduk@mit.edu>, The IESG <iesg@ietf.org>
CC: "draft-ietf-secevent-http-poll@ietf.org" <draft-ietf-secevent-http-poll@ietf.org>, "secevent-chairs@ietf.org" <secevent-chairs@ietf.org>, "id-event@ietf.org" <id-event@ietf.org>, Yaron Sheffer <yaronf.ietf@gmail.com>
Date: Thu, 25 Jun 2020 04:06:53 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/cyC08alqiByjgbXnCYlEXHb64NU>

Thanks for your review, Ben.  https://tools.ietf.org/html/draft-ietf-secevent-http-poll-12 is intended to address your comments.  Detailed replies are inline, prefixed by "Mike>".

-----Original Message-----
From: Benjamin Kaduk via Datatracker <noreply@ietf.org> 
Sent: Tuesday, June 16, 2020 6:00 PM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-secevent-http-poll@ietf.org; secevent-chairs@ietf.org; id-event@ietf.org; Yaron Sheffer <yaronf.ietf@gmail.com>; yaronf.ietf@gmail.com
Subject: Benjamin Kaduk's Yes on draft-ietf-secevent-http-poll-11: (with COMMENT)

Benjamin Kaduk has entered the following ballot position for
draft-ietf-secevent-http-poll-11: Yes

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-secevent-http-poll/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Prompted by Mark Nottingham's comments, we should perhaps leave some breadcrumbs that -push has discussion of alternatives considered and rejected, though this is less important if that section is to be removed prior to publication as an RFC.

Mike> I added a parallel appendix in the Poll draft referencing the one in the Push draft.

It may be worth mentioning explicitly in Section 1 that one of the pieces of configuration metadata to be exchanged includes the authentication/authorization information for the Recipient, or to discuss Recipient authentication/authorization in Section 3 where server (i.e., Transmitter) authentication is covered.

Mike> I added this statement: "Likewise, the SET Transmitter may choose to validate the identity of the SET Recipient, perhaps using mutual TLS."

When we reference RFC 6125, we only mention the DNS-ID name type in Section 4.3 but not in Section 3.  As for -push, we don't necessarily need to mention it in both places, but it might be nice to be consistent or to remove some of the redundancy.

Mike> DNS-ID is now consistently referenced across both drafts.

Section 5

As for -push, I think both SET Issuers and Transmitters (not just one or the other) should consider the ramifications of sharing a particular SET.  While it's true that (as the secdir reviewer of -push noted) when JWE is used the Issuer has sole knowledge/control, in other cases the Issuer may not know the full recipient list.

Mike> Both are now called out.

				Thanks again,
				-- Mike
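Two of the points above (Transmitter authentication via an RFC 6125 DNS-ID match in Section 3 / 4.3, and the added sentence that the Transmitter "may choose to validate the identity of the SET Recipient, perhaps using mutual TLS") are easy to get subtly wrong in a poll client. The following is an added example in Go, not code from the draft, from Mike, or from Ben: it runs a poll exchange over mutual TLS in-process and checks that both misconfigurations are rejected. Everything in it is constructed for the demonstration: the names transmitter.example and recipient.example, self-signed certificates standing in for CA-issued ones, a placeholder "<SET>" string where a Transmitter would return signed SET JWTs, and the helper names selfSigned, transmitter, poll, Result and RunDemo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// Constructed names for this example; a real deployment uses CA-issued certificates.
const transmitterName, recipientName = "transmitter.example", "recipient.example"

// selfSigned issues a self-signed cert carrying dnsName as a SAN dNSName (the RFC 6125 DNS-ID)
// and a pool that trusts it, standing in for a CA-issued chain.
func selfSigned(dnsName string, eku x509.ExtKeyUsage) (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: dnsName},
		DNSNames:    []string{dnsName}, // this SAN, not the CN, is what the peer matches
		NotBefore:   time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{eku}, BasicConstraintsValid: true, IsCA: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, _ := x509.ParseCertificate(der) // der was produced by CreateCertificate just above
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// pollResponse keeps the SET poll response shape: delivered SETs keyed by jti.
type pollResponse struct{ Sets map[string]string `json:"sets"` }

// transmitter serves the poll endpoint over mutual TLS: it presents cert, requires a Recipient
// cert chaining to recipientPool, and reports the DNS-ID seen in that cert on seen.
func transmitter(cert tls.Certificate, recipientPool *x509.CertPool, seen chan<- string) *httptest.Server {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen <- r.TLS.PeerCertificates[0].DNSNames[0] // present and verified, per ClientAuth below
		// Constructed placeholder; a real Transmitter returns signed SET JWTs here.
		json.NewEncoder(w).Encode(pollResponse{Sets: map[string]string{"jti-1": "<SET>"}})
	}))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: recipientPool}
	srv.StartTLS()
	return srv
}

// poll sends one poll request. The Transmitter's cert must chain to transmitterPool and carry
// expectName as a DNS-ID; certs (the Recipient's own cert, or nil) is offered to the Transmitter.
func poll(url string, transmitterPool *x509.CertPool, expectName string, certs []tls.Certificate) (*pollResponse, error) {
	cfg := &tls.Config{RootCAs: transmitterPool, ServerName: expectName, Certificates: certs}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg, DisableKeepAlives: true}}
	resp, err := client.Post(url, "application/json", strings.NewReader(`{"maxEvents":1,"returnImmediately":true}`))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("poll failed: %s", resp.Status)
	}
	var out pollResponse
	return &out, json.NewDecoder(resp.Body).Decode(&out)
}

// Result records what each side authenticated and which misconfigurations were rejected.
type Result struct {
	RecipientSeenByTransmitter string
	SetsDelivered              int
	WrongDNSIDRejected         bool // Recipient refused a Transmitter cert lacking the expected DNS-ID
	MissingClientCertRejected  bool // Transmitter refused a poll that offered no Recipient cert
}

func RunDemo() (Result, error) {
	tCert, tPool, err := selfSigned(transmitterName, x509.ExtKeyUsageServerAuth)
	rCert, rPool, err2 := selfSigned(recipientName, x509.ExtKeyUsageClientAuth)
	if err != nil || err2 != nil {
		return Result{}, fmt.Errorf("certificate setup: %v %v", err, err2)
	}
	seen := make(chan string, 4)
	srv := transmitter(tCert, rPool, seen)
	defer srv.Close()
	ok, err := poll(srv.URL, tPool, transmitterName, []tls.Certificate{rCert})
	if err != nil {
		return Result{}, err
	}
	res := Result{SetsDelivered: len(ok.Sets), RecipientSeenByTransmitter: <-seen}
	_, err = poll(srv.URL, tPool, "other.example", []tls.Certificate{rCert}) // same cert, wrong expected name
	res.WrongDNSIDRejected = err != nil
	_, err = poll(srv.URL, tPool, transmitterName, nil) // no Recipient certificate offered
	res.MissingClientCertRejected = err != nil
	return res, nil
}

func main() {
	fmt.Println(RunDemo())
}
```

The two negative cases are the ones worth keeping in a real client's test suite: the Recipient must fail closed when the Transmitter's certificate does not carry the configured name as a DNS-ID (checking the CN alone is not enough), and a Transmitter that opts into mutual TLS must refuse the handshake, not just the request, when no Recipient certificate is offered.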