Re: [Id-event] WG Last Call for draft-ietf-secevent-token-02

Marius Scurtescu <mscurtescu@google.com> Wed, 02 August 2017 21:46 UTC

In-Reply-To: <e6649728-f94a-93f5-9885-c948a5b0ed49@gmail.com>
References: <e6649728-f94a-93f5-9885-c948a5b0ed49@gmail.com>
From: Marius Scurtescu <mscurtescu@google.com>
Date: Wed, 02 Aug 2017 14:45:41 -0700
Message-ID: <CAGdjJpJtfV9q2iaL-uao1b7XpQjx5uJrX=fnoM36POXLFYrqow@mail.gmail.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Cc: SecEvent <id-event@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/MqA3n70qMD9YH7DvtEuMZ4DWm7o>

The abstract mentions "issuer" and "receiver" in the last sentence.
"receiver" does not sound right (that should be used in the context of a
transmitter), but I don't have a better suggestion. Audience?

The last paragraph of section 1 mentions "subscriber". I think it should be
either "receiver" or "audience".

The explanation for figure 1 states that the issuer denotes the
transmitter. If the issuer and the transmitter are assumed to be the same
entity, then the transmitter definition in section 1.2 should make that
clear.

Figure 3, I think the "sub" claim should be nested in the event, next to
the issuer that provides the correct context. The "iss" and "sub"
definitions in 2.1 also touch on this, providing conflicting advice.

Section 2.1, definition of "nbf". The definition says that this is the
event time. I see two problems:
- the name suggests "not before", not exactly the same as event time
- there can be multiple events
maybe this claim should be dropped?

Section 2.1, definition of "exp". Omitting this claim is the short term
solution to the confusion issue. Why not mention that and that it SHOULD
NOT be used?

Section 2.1, definition of "events". It states that all events must refer
to the same logical event. Lately in discussions we reached the conclusion
that all events in a SET should be defined in the same profile, which is a
stronger requirement. I think this definition should mention that.

Regarding events and profiles. There was a proposal to add a new claim to
uniquely identify the profile. I think we need to discuss that.

Figure 5. Maybe a signed example would be better, especially since the next
paragraph mentions that signatures or encryption should be used.

Section 4.5, second paragraph. Mentions that "nonce" is also required, but
that is not actually true. Id Tokens issued at the token endpoint for
example will not have it. I suggest we drop the whole paragraph.


Marius

On Mon, Jul 31, 2017 at 1:40 PM, Yaron Sheffer <yaronf.ietf@gmail.com>
wrote:

> This is to announce working group last call on this draft (
> https://datatracker.ietf.org/doc/draft-ietf-secevent-token/).
>
> Please send your comments to the list. Even if you are perfectly happy
> with the draft, please let us know that you support its publication as-is
> by posting to the list.
>
> Because of the summer holidays, this last call is open for 3 weeks, until
> Aug. 21.
>
> Thanks,
>     Dick and Yaron
>
> _______________________________________________
> Id-event mailing list
> Id-event@ietf.org
> https://www.ietf.org/mailman/listinfo/id-event
>
>
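As an added illustration, not part of the draft or of this thread, the following Python transmitter/receiver pair mints and verifies a signed SET in the shape the comments above argue for: a JWS instead of the unsigned Figure 5 example, no "exp" claim, the subject carried inside the event payload rather than at the top level, and a receiver that refuses a SET whose events do not all come from one expected profile. HS256 with a shared secret, the profile namespace, the event type URI, the issuer and audience values and the key are all assumptions made here for the demo; none of them are defined by the draft.

```python
"""Mint and verify a signed SET (JWS compact serialization, HS256) offline."""
import base64
import hashlib
import hmac
import json
import time
import uuid

# Constructed demo key; assumption: transmitter and receiver share an HS256 secret.
DEMO_KEY = b"constructed-demo-secret-not-for-production"
# Hypothetical profile namespace; every event type URI in one SET must start with it.
PROFILE = "https://example.com/events/account/"
REQUIRED = ("iss", "aud", "iat", "jti", "events")


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: bytes, key: bytes) -> bytes:
    return hmac.new(key, signing_input, hashlib.sha256).digest()


def mint_set(issuer, audience, events, key, now=None, extra=None):
    """Transmitter side: return a compact JWS carrying the SET claims.

    "exp" is deliberately not set; "extra" exists only so the demo can show
    what the receiver does when a transmitter adds it anyway.
    """
    claims = {
        "iss": issuer,
        "aud": audience,
        "iat": int(now if now is not None else time.time()),
        "jti": uuid.uuid4().hex,  # unique per SET so a receiver can de-duplicate
        "events": events,
    }
    claims.update(extra or {})
    header_b64 = _b64url(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    claims_b64 = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = (header_b64 + "." + claims_b64).encode("ascii")
    return header_b64 + "." + claims_b64 + "." + _b64url(_sign(signing_input, key))


def verify_set(token, key, audience, profile=PROFILE):
    """Receiver side: check signature and structure; return (claims, warnings)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    h64, c64, s64 = parts
    header = json.loads(_b64url_decode(h64))
    if header.get("alg") != "HS256":  # refuse 'none' and any algorithm we did not agree on
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = _sign((h64 + "." + c64).encode("ascii"), key)
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(c64))
    missing = [c for c in REQUIRED if c not in claims]
    if missing:
        raise ValueError("missing claims: " + ", ".join(missing))
    if claims["aud"] != audience:
        raise ValueError("SET not addressed to this receiver")
    events = claims["events"]
    if not isinstance(events, dict) or not events:
        raise ValueError("events must be a non-empty object")
    if not all(uri.startswith(profile) for uri in events):
        raise ValueError("events from outside the expected profile")
    warnings = []
    if "exp" in claims:
        warnings.append("exp present on a SET; ignoring it rather than treating the SET as a credential")
    if "sub" in claims and any("sub" not in payload for payload in events.values()):
        warnings.append("top-level sub without a per-event sub; subject context is ambiguous")
    return claims, warnings


def demo():
    # Constructed event: subject nested inside the event payload, under a hypothetical type URI.
    events = {PROFILE + "password-changed": {"sub": "user@example.com"}}
    token = mint_set("https://idp.example.com", "https://rp.example.com",
                     events, DEMO_KEY, now=1501710361)
    claims, warnings = verify_set(token, DEMO_KEY, "https://rp.example.com")
    return token, claims, warnings
```

The receiver checks the algorithm before touching the signature, so a token rewritten with `"alg":"none"` is rejected outright, and the audience check keeps a SET minted for one receiver from being replayed to another.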