Re: [Id-event] AD review of draft-ietf-secevent-http-poll-06
Mike Jones <Michael.Jones@microsoft.com> Fri, 07 February 2020 17:18 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: id-event@ietfa.amsl.com
Delivered-To: id-event@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB8FD1200DB; Fri, 7 Feb 2020 09:18:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.991
X-Spam-Level:
X-Spam-Status: No, score=-1.991 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o3VILAyRo_k2; Fri, 7 Feb 2020 09:18:09 -0800 (PST)
Received: from NAM06-DM3-obe.outbound.protection.outlook.com (mail-dm3nam06on072d.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe56::72d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9A981200C7; Fri, 7 Feb 2020 09:18:06 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lkt+K44EI3NcehpOj8QA+oX9Q048AB2TnWXYuaUmDV3DZZqZb5u0OZH/nDIaXsfJT5z4rPAg8F4VNSN4i4kdblGEjIrS+Q8NBNY0ibF0nh0WWs46T9KHU92HB+b3SxC0lGSSkKQVoyVTju04PNe4wrb4FAbcPXhkYjZ+ZG2QVGQobp0oW7TVXXbgYKjAdrMvF/CxQF3HUA8X/jqFKbdiSmlZDtnree7mLljYAu3WGSLhZeNgLK1Si4RDWzCPkweO3OVUkrO27YSHL0uwDCg3OUn8HlpRDO+/HIw+hSa6aXhVdMQrVvFrsjVLfUTRXnCouQvVGive6rwrcN27tPVWyw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DsVbXrzwCgcv+DPTVammUVXto2Sz+DB3L6nkUlI2mm8=; b=QPvLJGJPjYQXDI3V7RSJcvv7l4xMy6Mbvk84MposGXOIsMAJMiombcBUt4RmKV1Kt+rq6lmrfhVhpmHgaaSN0bz3QhKcTy5VGNBuQW5Lixf4qii7F1AvhtMsdYLSEvSArS4XsOjtbqOq9YWlLPRs6uy4OgiWP5yYpActBlK2s2Yu5Lsa7BtKvlOP5ervwoumvj60PxYnY0YpKjRbXMsBoJlCOQVV5NaRLUBw+Rsz/w64nY6d19Mq3f6GU1pba7erCGHbIuYYIK44nz1NSlaNl7cflJOUHsCZ6pk7IByVnORN3W97cqdWwI1hkIpo/BkEFVdS8VOBb/vswEmLIZlXdw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DsVbXrzwCgcv+DPTVammUVXto2Sz+DB3L6nkUlI2mm8=; b=P+X3lr0vP8o4dRJNlt4LsGjysrmAAU/t1GQuD8HaRtnU75mKfwQHQ5xPMf4MbuPASetwWD38AXkqj5W0GL9V66TaGVXi8JBz7flzI/37WegBU2fLmtYPI3zMVccJkBPno4Rd14f5GxLjv/3jS6BskSMslXEMvZN2uFgtHPLqMPo=
Received: from DM6PR00MB0682.namprd00.prod.outlook.com (10.141.184.216) by DM6PR00MB0815.namprd00.prod.outlook.com (20.179.166.215) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2747.0; Fri, 7 Feb 2020 17:18:05 +0000
Received: from DM6PR00MB0682.namprd00.prod.outlook.com ([fe80::14b9:506:d536:fd07]) by DM6PR00MB0682.namprd00.prod.outlook.com ([fe80::14b9:506:d536:fd07%9]) with mapi id 15.20.2753.000; Fri, 7 Feb 2020 17:18:05 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Benjamin Kaduk <kaduk@mit.edu>, "draft-ietf-secevent-http-poll.all@ietf.org" <draft-ietf-secevent-http-poll.all@ietf.org>
CC: "id-event@ietf.org" <id-event@ietf.org>
Thread-Topic: [Id-event] AD review of draft-ietf-secevent-http-poll-06
Thread-Index: AdXd2n4v0sjGSvn6Sru3a8O/W+S93g==
Date: Fri, 07 Feb 2020 17:18:04 +0000
Message-ID: <DM6PR00MB0682195CCCE92C19A2585777F51C0@DM6PR00MB0682.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=0761b9d2-392f-4065-9a52-00000e2742d3; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-02-07T15:08:51Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-originating-ip: [8.46.75.3]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 46f84976-acae-4d4e-3f44-08d7abf1b18b
x-ms-traffictypediagnostic: DM6PR00MB0815:
x-microsoft-antispam-prvs: <DM6PR00MB08150613DC08E35F7E1B6293F51C0@DM6PR00MB0815.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0306EE2ED4
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(39860400002)(346002)(376002)(366004)(396003)(136003)(189003)(199004)(6506007)(9686003)(53546011)(2906002)(55016002)(30864003)(76116006)(7696005)(4326008)(8990500004)(186003)(26005)(966005)(316002)(52536014)(5660300002)(10290500003)(86362001)(478600001)(81166006)(81156014)(71200400001)(8936002)(33656002)(66446008)(66556008)(64756008)(66946007)(110136005)(66476007)(8676002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM6PR00MB0815; H:DM6PR00MB0682.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: KrNNj9VxdfGDv03///XZyLtctGIW69i/G0Rb/FLvbp2LDSZ9JIddekhzFJI2tt5/A0knN4g/AExb93edxjVHDFUyfOqxRJsA83lid1T/YRtKzuBiwVNC2F2qkdYw1h7rTQmvg8ThzBV9p5tgeNZY+i6iSomp/xSKoG2xAwMuaGky6dCXuY06FG7LTGvkXdQYb7s3RUolYWT1KCJJdmKGkXN5olQj3U39xJkH/3dfBfm0oWKV8iB4ao6dK+12DTWNSwx9Oh/+PGbs1UpsbxqKaue3f7pfHSxmaSkLLa/jmGv8EnhQc8W7Mfe8Yu+D0w4fjaQFX3AwO1fvIXejH0omQgXjE5WWbYAEeGgDZnOmlsbasj8r1ZeG2Mghu4WdEO3ncYTjHGYL8B+QiJ65VDHbzHj5fnHhpL2rMcz6oC0UKTv/VJgkqHC5MK1RoeDt5KAuqqYA+vIM9A9kxDBaEg+1ksytOZKKTt54oYQyIKCSlbptaXDwZVXqetWZZz8q9guea1ypF3YOkapEvmIYJfXp3A==
x-ms-exchange-antispam-messagedata: Tl3Xa/E7BG5s9xDVYdmcD2de6bG8w1Ul8PVc01uKxlptg0Jm+VvsIgvWYUjYXGaHtJiCZHY+PHE+QQp6XZfwUw6e2h0bEGWjUdnLaUWpfSJh6Yhk1mTNmTRQQBiTnsGwYMFg2Sbi7/si2XBBWGc6AQ==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DM6PR00MB0682195CCCE92C19A2585777F51C0DM6PR00MB0682namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 46f84976-acae-4d4e-3f44-08d7abf1b18b
X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Feb 2020 17:18:04.9130 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: mGBhgA59Uw0NbjjQklYoLLe3kxjQ1pPFlUxNX5hxE2un81VvrmavbZ17NEuC6orwH7cAS5nc7le17V/ZqQgT2Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR00MB0815
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/J-bkm8wLBqEeYWq67dWJ4KCiuk0>
Subject: Re: [Id-event] AD review of draft-ietf-secevent-http-poll-06
X-BeenThere: id-event@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A mailing list to discuss the potential solution for a common identity event messaging format and distribution system." <id-event.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/id-event>, <mailto:id-event-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/id-event/>
List-Post: <mailto:id-event@ietf.org>
List-Help: <mailto:id-event-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/id-event>, <mailto:id-event-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Feb 2020 17:18:14 -0000
draft-ietf-secevent-http-poll-07<https://tools.ietf.org/html/draft-ietf-secevent-http-poll-07> was published to address these review comments. (-08<https://tools.ietf.org/html/draft-ietf-secevent-http-poll-08> addressed additional editorial nits.) Descriptions of the changes made for these comments are inline, prefixed by "Mike>". -----Original Message----- From: Id-event <id-event-bounces@ietf.org> On Behalf Of Benjamin Kaduk Sent: Tuesday, December 10, 2019 4:37 PM To: draft-ietf-secevent-http-poll.all@ietf.org Cc: id-event@ietf.org Subject: [Id-event] AD review of draft-ietf-secevent-http-poll-06 Hi all, The changes here are also fairly straightforward, so we should be able to run the IETF LC for push and poll concurrently. As is the case for push, we should probably cite RFC 8446 somewhere in addition to 5246. There's not as clear of a rhetorical need to reference RFC 2818 here, but it's not wrong to do so. Mike> Done Section 1 A mechanism for exchanging configuration metadata such as endpoint URLs and cryptographic key parameters between the transmitter and recipient is out of scope for this specification. How SETs are [my comment about JWT signing key vs. TLS certificate/etc. from push applies here, to] Mike> Like in Push, this has been simplified to simply "cryptographic keys". Section 1.1 Throughout this document, all figures MAY contain spaces and extra line wrapping for readability and due to space limitations. I suggest using the lowercase "may", as there's not much point in giving normative guidance to the authors of this document, from within this document. Mike> Done Section 2 When a SET is available for a SET Recipient, the SET Transmitter attempts to deliver the SET by queueing the SET in a buffer so that a SET Recipient can poll for SETs using HTTP/1.1 POST. nit: I expect some other reviewers to want to wordsmith this sentence, so as an effort to forestall it, I suggest s/attempts to delivery/prepares to deliver/ (or similar). The idea being that if you always know you're going to enqueue, that isn't really an "attempt at delivery". Mike> Done [I-D.ietf-secevent-http-push]. The SET Recipient MUST acknowledge receipt to the SET Transmitter. The SET Recipient SHALL NOT use the I expect we'll get some IESG comments about this sentence (e.g., "is there a time bound on when the acknowledgment has to happen?", "is the transmitter expected to bound the length of its queue and drop new events if the recipient fails to acknowledge in a timely manner?"), though I don't have any specific changes I personally propose. That is, if you want to leave it as-is and see what happens, I'm okay with that. (Even a forward-reference to Section 2.4 that has "(e.g., seconds or minutes)" might help.) Mike> Added "and SHOULD do in a timely fashion, as described in <xref target="pollRequest"/>". Section 2.1 more SETs. Requests MAY be made at a periodic interval (short polling) or requests MAY wait, pending availability of new SETs using long polling, per Section 2 of [RFC6202]. Someone who follows the references would probably be able to figure out that in general, short-polling is fairly likely to result in some zero-SET responses, and long-polling is generally likely to result in some SETs being returned. So it's not clear to me whether we want to think about putting a bit more detail inline here, especially since there are no hard guarantees in either case. Mike> Added the new sentence starting "Note that short polling will result in retrieving zero or more SETs"... o after validating previously received SETs, the SET Recipient initiates another poll request using HTTP POST that includes acknowledgement of previous SETs and waits for the next batch of SETs. nit: "waits for the next batch" could be read as implying long-polling, to the exclusion of short-polling. Maybe just using "requests" (as per the previous bullet) again is best. Mike> Done Section 2.2 acknowledgement parameters in the form of JSON objects. The request payloads are delivered in a JSON document, as described in Section 2.4 and Section 2.5. nit: 2.5 covers *response* payloads. I'm not sure whether we want to cover both requests and responses here or just requests, but we should be consistent. Mike> I deleted the poorly worded sentence, as what it was trying to convey is already normatively described better elsewhere. ack A JSON array of strings whose values are the "jti" values of successfully received SETs that are being acknowledged. If there are no outstanding SETs to acknowledge, this member is omitted. When acknowledging a SET, the SET Transmitter is released from any obligation to retain the SET. nit: as currently written, this is saying that the Transmitter is acknowledging a SET. So we probably want something like "When the request is acknowledging a SET" or "When a SET has been acknowledged". Mike> Reworded to "Once a SET has been acknowledged, the SET Transmitter is released from any obligation to retain the SET.". setErrs A JSON object with one or more members whose keys are the "jti" values of invalid SETs received. The values of these objects are themselves JSON objects that describe the errors detected using the "err" and "description" values specified in Section 2.6. If there are no outstanding SETs with errors to return, this member is omitted. nit: I suggest s/return/report/, as it avoids the misparse "(SETs with errors) to return" of the intended "SETs with (errors to return)". Mike> Done Section 2.3 In response to a poll request, the SET Transmitter checks for available SETs and responds with a JSON document containing the following JSON object members: As written, this seems to require that both 'sets' and 'moreAvailable' are always present, so that we do not need to set a default behavior for the absence of 'moreAvailable'. If that's correct, we might want to specify some error handling for when the response is malformed in that manner. Mike> It now says that "moreAvailable" can be omitted and defines what that means. (Note that an example already omitted it.) sets A JSON object that contains zero or more nested JSON objects. Each nested JSON object's key corresponds to the "jti" of a SET to be delivered, and its value is a JSON string containing the value of the encoded corresponding SET. If there are no outstanding SETs to be transmitted, the JSON object SHALL be empty. I think the -03 may have been overzealous with its s/attribute/object/ change -- we don't have nested objects within 'sets'. That is, there's the toplevel JSON object for the response, which has a map key "sets", and the value corresponding to the "sets" key is a JSON object. But the contents of that last object is just string/string keys/values, with the keys being "jti" values and the values being the corresponding encoded SETs. So I think this should be "contains zero or more key/value pairs. Each key string is the "jti" value of a SET to be delivered, and the value is the corresponding encoded SET" (or similar). Mike> I completely rewrote this language, eliminating the incorrect "nested", and substantially simplifying it. Section 2.4 After a period of time configured between the SET Transmitter and Recipient, a SET Transmitter MAY redeliver SETs it has previously delivered. The SET Recipient SHOULD accept repeat SETs and acknowledge the SETs regardless of whether the Recipient believes it has already acknowledged the SETs previously. A SET Transmitter MAY limit the number of times it attempts to deliver a SET. I'm assuming that "redeliver" here involves using the exact same encoded SET, including 'jti'. On that assumption, I expect to get some IESG comments about this paragraph, regarding what layer "reliability" should be at (since, e.g., we get an HTTP 200 in response to our explicit ack message) and perhaps about the pacing/rate of such retransmits. But it's okay to wait and see what happens; I can't predict sufficiently accurately what comments we might receive to be confident about a preemptive "fix". Mike> Per your analysis above, I didn't change this text at this time. If the SET Recipient has received SETs from the SET Transmitter, the SET Recipient SHOULD parse and validate received SETs to meet its own requirements and SHOULD acknowledge receipt in a timely fashion (e.g., seconds or minutes) so that the SET Transmitter can mark the SETs as received. SET Recipients SHOULD acknowledge receipt before Section 2 has "MUST acknowledge receipt" but this is just "SHOULD acknowledge receipt in a timely fashion". While technically these are not conflicting requirements, it's awfully close, and it would be good to harmonize them. Mike> The new text cited above "and SHOULD do in a timely fashion, as described in <xref target="pollRequest"/>" achieves this harmonization. Section 2.4.4 { "ack": ["3d0c3cf797584bd193bd0fb1bd4e7d30"], "setErrs": { "4d3559ec67504aaba65d40b0363faad8": { "err": "jwtAud", "description": "The audience value was invalid." } }, "returnImmediately": true } Figure 5: Example Poll Acknowledgement with Error I don't see "jwtAud" as a to-be-registered value in the "Security Event Token Delivery Error Codes" registry established by the push document, nor do we register it from this document. Mike> The example now uses a defined error code. Section 2.5 In response to a valid poll request, the service provider MAY respond immediately if SETs are available to be delivered. If no SETs are available at the time of the request, the SET Transmitter SHALL delay responding until a SET is available or the timeout interval has elapsed unless the poll request parameter "returnImmediately" is "true". We may get someone asking for us to specify here what the behavior is when "returnImmediately" is "true". I know it's described previously in the document, so may not be strictly required, but it may be helpful to have nonetheless. This would also give an opportunity to reword to "if the poll request parameter 'returnImmediately' is false, the SET transmitter SHALL delay responding until <X or Y>", as the current formulation is perhaps ambiguous as to whether the statement groups as "until (X or Y) unless Z" or "until (X) or (Y unless Z)". Mike> I tightened this up with the new language "unless the poll request parameter <spanx style="verb">returnImmediately</spanx> is present with the value <spanx style="verb">true</spanx>". The following is a non-normative example response to the request shown in Section 2.4, which indicates that no new SETs or unacknowledged SETs are available: I think we should pick a subsection (2.4.1?) of Section 2.4, since there's not an example request at the toplevel. Mike> I now cite the subsection. Section 2.5.1 The response body for responses to invalid poll requests is left undefined. Can you refresh my memory of the WG discussions where we concluded this should not be defined? This is likely to be a magnet for comments and I'd like to be able to respond properly to them. Mike> I added that the body "SHOULD be ignored." Section 2.6 If a SET is invalid, error codes from the IANA "Security Event Token Delivery Error Codes" registry established by [I-D.ietf-secevent-http-push] are used in error responses. As I'm not sure if there's a good clean way to remind the reader that these are SET-poll-level responses, not HTTP responses. The rest of the section does help, so maybe we should just leave it as-is for now. Mike> I think it's already clear enough, and so didn't make a change. When included as part of a batch of SETs, the above JSON is included as part of the "setErrs" member, as defined in Section 2.3 and Section 2.4.4. I think s/2.3/2.2/ Mike> Fixed Section 3 It might be worth some discussion that for poll, HTTP authentication authenticates the recipient, whereas for push it authenticates the transmitter; workflows that need to authenticate the other party would have to rely on TLS, it seems. Since poll has the TLS server as the SET Transmitter, we could potentially pull in RFC 6125 and talk about validating DNS-IDs to authenticate the Transmitter. Given that the name to be authenticated would be part of the information conveyed out-of-band, though, it's not entirely clear how much value there would be in doing so. Mike> As in Push, this section was formerly poorly worded, and has largely been rewritten. As per Section 4.1 of [RFC7235], a SET delivery endpoint SHALL indicate supported HTTP authentication schemes via the "WWW- Authenticate" header. I'm not entirely sure we need this paragraph (but if we keep it, we should probably scope it to "when using HTTP authentication"). Mike> Done Authorization for the ability to pick-up or deliver SETs can be determined by using the identity of the SET issuer, or via other employed authentication methods. Among other benefits, Presumably this would involve some comparison/relationship between sender and issuer? Mike> Rewritten As for push, I'm not sure that "pick-up" will be clear to readers. Mike> Use of the term "pick-up" is gone. Section 4 One could perhaps argue that "Authenticating Persisted SETs" from push could apply here as well, though the scenarios are somewhat different. Mike> No change at this time. Section 4.1 (see [RFC7515] and Section 5 of [RFC8417]). This enables the SET Recipient to validate that the SET issuer is authorized to deliver the SET. Looking at the diff from push, there's a clear bug in push that I comment on there, but also it seems we want to s/issuer/Transmitter/ here? Mike> I clarified that the issuer provides sets. (It doesn't deliver them, which is the transmitter's job.) Section 4.3 SETs may contain sensitive information that is considered Personally Identifiable Information (PII). In such cases, SET Transmitters and The diff from push shows up as s/e.g., subject claims/PII/. Either version is defensible, but we should be consistent. Mike> Both drafts now say "PII". (Push was changed.) Section 4.4 When using access tokens, such as those issued by OAuth 2.0 [RFC6749], implementers MUST take into account threats and countermeasures documented in Section 8 of [RFC7521]. I think the average reader will need a bit more handholding about what access token usage is relevant here -- my first instinct was about confusability between SET and a JWT-formatted access token, but it seems that the rest of the discussion is more in line with using access tokens for (poll) request authorization. N.B. that we only talk about HTTP authentication and TLS authentication earlier in the document, so this would be the first part that introduces OAuth 2.0 as a possibility. Mike> Clarified that access tokens are used with HTTP Authentication. Section 4.4.1 [...] authentication methods. Designating the specific methods of authentication and authorization are out of scope for the delivery of SETs, however this information is provided as a resource to implementers. Indeed, for this whole section it's hard to see a direct connection to SET transmission; is this general sort of advice not already present somewhere else that we could incorporate it by reference? Mike> I deleted this unhelpful and non-actionable sentence. Section 5 [N.B. that these comments are pasted from -push] I would have expected to see some form of reminder to encrypt data that needs confidentiality protection, in a privacy considerations section. Mike> I added the sentence "Furthermore, data that needs confidentiality protection MUST be encrypted, either via TLS or using JSON Web Encryption (JWE), or both" to both drafts. If a SET needs to be retained for audit purposes, a JWS signature MAY be used to provide verification of its authenticity. We should probably give the reader a bit more to conect this signature to the privacy considerations in question. Mike> This sentence actually wasn't about privacy at all, so I deleted it from both drafts. Section 5 We have some significant divergence from -push here; I think there's scope for harmonization (in both directions). Mike> I reworked this paragraph and used the same text in both drafts. The propagation of subject identifiers can be perceived as personally identifiable information. Where possible, SET Transmitters and nit: propagation is an action, but PII has to be a concrete thing. Maybe we just want to say that subject identifiers can be perceived as PII (which is what -push does)? Mike> Done as part of the reworking above Section 7.2 Earlier we say "MUST take into account threats and countermeasures documented in Section 8 of [RFC7521]", which is probably enough to get people demanding that 7521 be listed as Normative. Mike> Done -Ben _______________________________________________ Id-event mailing list Id-event@ietf.org<mailto:Id-event@ietf.org> https://www.ietf.org/mailman/listinfo/id-event Mike> Thanks again, Ben! -- Mike
- [Id-event] AD review of draft-ietf-secevent-http-… Benjamin Kaduk
- Re: [Id-event] AD review of draft-ietf-secevent-h… Mike Jones
- Re: [Id-event] AD review of draft-ietf-secevent-h… Benjamin Kaduk
- Re: [Id-event] [EXTERNAL] Re: AD review of draft-… Mike Jones
- Re: [Id-event] AD review of draft-ietf-secevent-h… Mike Jones
- Re: [Id-event] AD review of draft-ietf-secevent-h… Richard Backman, Annabelle
- Re: [Id-event] AD review of draft-ietf-secevent-h… Benjamin Kaduk
- Re: [Id-event] AD review of draft-ietf-secevent-h… Mike Jones
- Re: [Id-event] AD review of draft-ietf-secevent-h… Richard Backman, Annabelle
- Re: [Id-event] AD review of draft-ietf-secevent-h… Mike Jones
- Re: [Id-event] AD review of draft-ietf-secevent-h… Richard Backman, Annabelle
- Re: [Id-event] AD review of draft-ietf-secevent-h… Richard Backman, Annabelle
- Re: [Id-event] AD review of draft-ietf-secevent-h… Benjamin Kaduk
- Re: [Id-event] AD review of draft-ietf-secevent-h… Dick Hardt