Re: [Id-event] Review of draft-ietf-secevent-http-push-05
"Richard Backman, Annabelle" <richanna@amazon.com> Fri, 12 April 2019 18:45 UTC
Return-Path: <prvs=99847403a=richanna@amazon.com>
X-Original-To: id-event@ietfa.amsl.com
Delivered-To: id-event@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 974BA1204AE for <id-event@ietfa.amsl.com>; Fri, 12 Apr 2019 11:45:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hm2TkOBbAIVW for <id-event@ietfa.amsl.com>; Fri, 12 Apr 2019 11:45:32 -0700 (PDT)
Received: from smtp-fw-2101.amazon.com (smtp-fw-2101.amazon.com [72.21.196.25]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8525F120486 for <id-event@ietf.org>; Fri, 12 Apr 2019 11:45:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1555094731; x=1586630731; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=fLbAvMlFKYNRSvGYaCQ7Xq0csi0o3IFDdKA6hm+MlH4=; b=q47556OtWnyMwUbcAJXMzThO2YMLmUKN/V7/zfbUSbHIl3fyAayhlSn5 HDnwKwpYzvJffMwrBJ6aqOZvfrkypvjoCZEVFZfaQm/v/xdsXNYfHv74v 2+T6T/g3buv5d7vcLeC7Un3M+Eoyv2p0D3OzXFQVWsRO8IecOdKF8jpmm w=;
X-IronPort-AV: E=Sophos;i="5.60,342,1549929600"; d="scan'208,217";a="727722806"
Received: from iad6-co-svc-p1-lb1-vlan2.amazon.com (HELO email-inbound-relay-2a-6e2fc477.us-west-2.amazon.com) ([10.124.125.2]) by smtp-border-fw-out-2101.iad2.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 12 Apr 2019 18:45:29 +0000
Received: from EX13MTAUWC001.ant.amazon.com (pdx1-ws-svc-p6-lb9-vlan3.pdx.amazon.com [10.236.137.198]) by email-inbound-relay-2a-6e2fc477.us-west-2.amazon.com (8.14.7/8.14.7) with ESMTP id x3CIjSiO042873 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 12 Apr 2019 18:45:28 GMT
Received: from EX13D11UWC003.ant.amazon.com (10.43.162.162) by EX13MTAUWC001.ant.amazon.com (10.43.162.135) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Fri, 12 Apr 2019 18:45:27 +0000
Received: from EX13D11UWC004.ant.amazon.com (10.43.162.101) by EX13D11UWC003.ant.amazon.com (10.43.162.162) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Fri, 12 Apr 2019 18:45:27 +0000
Received: from EX13D11UWC004.ant.amazon.com ([10.43.162.101]) by EX13D11UWC004.ant.amazon.com ([10.43.162.101]) with mapi id 15.00.1367.000; Fri, 12 Apr 2019 18:45:26 +0000
From: "Richard Backman, Annabelle" <richanna@amazon.com>
To: Dick Hardt <dick.hardt@gmail.com>, Mark Dobrinic <mark.dobrinic@curity.io>
CC: Yaron Sheffer <yaronf.ietf@gmail.com>, SecEvent <id-event@ietf.org>
Thread-Topic: [Id-event] Review of draft-ietf-secevent-http-push-05
Thread-Index: AQHU5IutOZUVrVTrJESXp7DKtzB1gKY3jIAAgAD02QA=
Date: Fri, 12 Apr 2019 18:45:26 +0000
Message-ID: <6FECBDD3-DE6B-4050-BBD8-E40C46475A21@amazon.com>
References: <71b9d281-46f9-8bb4-3524-211e5ab7fa55@curity.io> <CAD9ie-v0v8vaoc_Tz4EhTz_XKCWQkfdsJ2duySSZpZ52r9rUvg@mail.gmail.com>
In-Reply-To: <CAD9ie-v0v8vaoc_Tz4EhTz_XKCWQkfdsJ2duySSZpZ52r9rUvg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.0.180812
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.43.161.23]
Content-Type: multipart/alternative; boundary="_000_6FECBDD3DE6B4050BBD8E40C46475A21amazoncom_"
MIME-Version: 1.0
Precedence: Bulk
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/DFt_4egsYBS2HE-Rwb2KcixDgDc>
Subject: Re: [Id-event] Review of draft-ietf-secevent-http-push-05
X-BeenThere: id-event@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "A mailing list to discuss the potential solution for a common identity event messaging format and distribution system." <id-event.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/id-event>, <mailto:id-event-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/id-event/>
List-Post: <mailto:id-event@ietf.org>
List-Help: <mailto:id-event-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/id-event>, <mailto:id-event-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2019 18:45:35 -0000
Thanks for the review, Mark! [richanna]Responses inline[/richanna]. -- Annabelle Richard Backman AWS Identity From: Id-event <id-event-bounces@ietf.org> on behalf of Dick Hardt <dick.hardt@gmail.com> Date: Thursday, April 11, 2019 at 2:09 PM To: Mark Dobrinic <mark.dobrinic@curity.io> Cc: Yaron Sheffer <yaronf.ietf@gmail.com>, "Richard Backman, Annabelle" <richanna@amazon.com>, SecEvent <id-event@ietf.org> Subject: Re: [Id-event] Review of draft-ietf-secevent-http-push-05 Mark: thanks for the review and feedback Annabelle: have you had a chance to review the feedback? On Wed, Mar 27, 2019 at 3:55 AM Mark Dobrinic <mark.dobrinic@curity.io<mailto:mark.dobrinic@curity.io>> wrote: Hi id-event, Read through draft 05, and here's some of my findings. With the disclaimer that I am not fully aware of the historical discussions that led to this draft. - Section 2.0 mentions: "Once a SET has been validated and persisted, the SET Recipient SHOULD immediately return a response ..."; there's a bit of a gap on what to do when the SET was validated but failed to persist. The errors don't (and probably shouldn't?) cover this, as this might be considered business logic on the recipient's part? Section 2.2 talks about "appropriate retention requirements", which is nicely formulated. This type of wording might be also snuck in to the language of section 2.0's paragraph ("Once the SET has been validated and persisted ..") [richanna] Persistence failures are no different from any other business logic failure on the SET Recipient side. In such cases the SET Recipient would return a 500, as allowed for by the first paragraph of 2.3: In the event of a general HTTP error condition, the SET Recipient SHOULD respond with an appropriate HTTP Status Code as defined in Section 6 of [RFC7231]. The paragraph in 2.0 before the one you quote recommends the SET Recipient persist the SET “in a way that is sufficient to meet [their] reliability requirements”. This seems to me to provide the same guidance as the text in 2.2; do you feel that something is missing or unclear from that paragraph? [/richanna] - Is the `description` field in the error response REQUIRED? [richanna] Yes, both `err` and `description` are REQUIRED. The second paragraph of 2.3 contains the text: …the body [of the error response] MUST be a UTF-8 encoded JSON [RFC7159] object containing the following name/value pairs: …followed by the `err` and `description property definitions. [/richanna] - Is there a reason why the `authentication_failed` failure response should not return a HTTP/401 Unauthorized HTTP status code? [richanna] HTTP status 401 requires a WWW-Authenticate response header, which may or may not be appropriate depending on the authentication method(s) in use by the SET Recipient. [/richanna] - Section 5.1 talks about the SET Issuer being authorized to deliver the SET; should this not be the SET Transmitter? [richanna] Yes, this should say “SET Transmitter” instead of “SET Issuer”. [/richanna] - Section 5.4 on authenticating persisted SETs; Not sure if I understood this correctly, but if a SET Transmitter can send a SET that was issued by a different SET Issuer, how would the signature verification key be resolved to authenticate the SET? 5.4 talks about the SET *Transmitter* signing the SET, should this not be the SET *Issuer*? Or is this out of scope? [richanna] Technically, it could be either, e.g., if the issuer issued an unsigned, unencrypted SET and provided it to the transmitter, the transmitter could encrypt the SET (creating a nested JWT), and that would address the concerns laid out in 5.4. But on re-reading 5.4, I think this requirement should be applied to the *SET Recipient*, as they are the party that has the downstream authentication requirements necessitating this behavior. The last part of the last sentence of 5.4 should be changed to something like: …then the SET Recipient SHOULD ensure that such SETs have been signed in accordance with RFC7515 and/or encrypted using authenticated encryption in accordance with RFC7516. [/richanna] Nitpicks: - The sentence above the examples (e.g. in section 2.2) should always end with a colon ':' ("The following is ... a SET:"), or end with a period '.'. Don't care which, but looks nicer if it's the same everywhere. I think only 2.2 falls out of line. - The text above Figure 5 says "SET Receiver", should be "SET Recipient" Hope this helps to wrap it up to publication :) -- Regards, Mark Dobrinic Software Engineer and Identity Specialist Curity AB mark.dobrinic@curity.io<mailto:mark.dobrinic@curity.io> www.curity.io<http://www.curity.io> _______________________________________________ Id-event mailing list Id-event@ietf.org<mailto:Id-event@ietf.org> https://www.ietf.org/mailman/listinfo/id-event
- [Id-event] Review of draft-ietf-secevent-http-pus… Mark Dobrinic
- Re: [Id-event] Review of draft-ietf-secevent-http… Dick Hardt
- Re: [Id-event] Review of draft-ietf-secevent-http… Richard Backman, Annabelle
- Re: [Id-event] Review of draft-ietf-secevent-http… Marius Scurtescu