Re: [Id-event] Review of draft-ietf-secevent-http-push-05
Marius Scurtescu <marius.scurtescu@coinbase.com> Sun, 14 April 2019 17:11 UTC
Return-Path: <marius.scurtescu@coinbase.com>
X-Original-To: id-event@ietfa.amsl.com
Delivered-To: id-event@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 205A012012F for <id-event@ietfa.amsl.com>; Sun, 14 Apr 2019 10:11:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=coinbase.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cL2nYACUuN2Q for <id-event@ietfa.amsl.com>; Sun, 14 Apr 2019 10:11:43 -0700 (PDT)
Received: from mail-pg1-x533.google.com (mail-pg1-x533.google.com [IPv6:2607:f8b0:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F16012011D for <id-event@ietf.org>; Sun, 14 Apr 2019 10:11:43 -0700 (PDT)
Received: by mail-pg1-x533.google.com with SMTP id f6so7437412pgs.8 for <id-event@ietf.org>; Sun, 14 Apr 2019 10:11:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coinbase.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CJIGuT69ZZGBRhr+2FeR0CzqwwMCOYE0Hp777T0XTHQ=; b=ONjqZGxGDI/drQ+r2/NJDkilwQg/u6smjIvg+6Z1LrFUZgQmgUazbnUV134p26Gp4J cmPXA6h0PEGpQ0qdy6DRcmAA6dJAgGR08rAvUbByVglmSZpm+mNy8GNo0+YCpOxn+u3v 3rVQxpucx0kxs7RKiRmHwOnyKXYYuT56Xd9fg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CJIGuT69ZZGBRhr+2FeR0CzqwwMCOYE0Hp777T0XTHQ=; b=akS9MZH7NGeyU9G/ZLPdVigYbC0c2rh3QVTT/QK55UCs/eA5ZArxYQW5GQb/NeQrnw seVMPoVkmlYEjWIq7A77cLJ6rLFHHWeOGnIzGud6cD+GVIL6QJvGrPu1OS1aO0NEBHCX BKWzFGjEiHeELWI2Y6O2/Dx0LVWrYNVpeS22J4x+2h2M7dkdfYGfRgohiWy0aWFHbnO/ AJZlJd7F2VfJA+9OVfSp9MNY5mHyAmHbY4IKiLGAPwxmNVbjdTtVB4/9wkAv2wrPJXke qyzdxwfyzvIEGujWI5rJX6HJ8op7ROwZ16jy6ARAd9xuzuqGNXywr7+SwlNxlYWpEYmF UhPw==
X-Gm-Message-State: APjAAAW7E4e3GMDKtCmIc3XxXxhEE6DNuENAxPoCPloselDt/5X8S7ic eJ0GwCT8ZG+U8hoqp4JltOOxIMBWrIKdQ2p7pRLwqA==
X-Google-Smtp-Source: APXvYqzS56KKUbZi8os7HO8EjcVBT/hMqjB5YILIM26nyKdDNv+p4fjF1BKJZplYXj1hluElHdNtEhGcEbHv8T5Imgo=
X-Received: by 2002:a62:2587:: with SMTP id l129mr70622190pfl.151.1555261902939; Sun, 14 Apr 2019 10:11:42 -0700 (PDT)
MIME-Version: 1.0
References: <71b9d281-46f9-8bb4-3524-211e5ab7fa55@curity.io> <CAD9ie-v0v8vaoc_Tz4EhTz_XKCWQkfdsJ2duySSZpZ52r9rUvg@mail.gmail.com> <6FECBDD3-DE6B-4050-BBD8-E40C46475A21@amazon.com>
In-Reply-To: <6FECBDD3-DE6B-4050-BBD8-E40C46475A21@amazon.com>
From: Marius Scurtescu <marius.scurtescu@coinbase.com>
Date: Sun, 14 Apr 2019 10:11:31 -0700
Message-ID: <CABpvcNszFJOEiUMhSnp41h89a5W3qqLaTAEJ09Y_gD3d9Pfn+Q@mail.gmail.com>
To: "Richard Backman, Annabelle" <richanna=40amazon.com@dmarc.ietf.org>
Cc: Dick Hardt <dick.hardt@gmail.com>, Mark Dobrinic <mark.dobrinic@curity.io>, Yaron Sheffer <yaronf.ietf@gmail.com>, SecEvent <id-event@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000420e29058680a10c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/TMBOiUu3L0sjQQsgAnhZk5O-X4U>
Subject: Re: [Id-event] Review of draft-ietf-secevent-http-push-05
X-BeenThere: id-event@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A mailing list to discuss the potential solution for a common identity event messaging format and distribution system." <id-event.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/id-event>, <mailto:id-event-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/id-event/>
List-Post: <mailto:id-event@ietf.org>
List-Help: <mailto:id-event-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/id-event>, <mailto:id-event-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Apr 2019 17:11:47 -0000
Thanks for the feedback Mark and for the suggested edits Annabelle. I am incorporating the two suggested changes into a PR, along with other feedback. On Fri, Apr 12, 2019 at 11:45 AM Richard Backman, Annabelle <richanna= 40amazon.com@dmarc.ietf.org> wrote: > Thanks for the review, Mark! [richanna]Responses inline[/richanna]. > > > > -- > > Annabelle Richard Backman > > AWS Identity > > > > > > *From: *Id-event <id-event-bounces@ietf.org> on behalf of Dick Hardt < > dick.hardt@gmail.com> > *Date: *Thursday, April 11, 2019 at 2:09 PM > *To: *Mark Dobrinic <mark.dobrinic@curity.io> > *Cc: *Yaron Sheffer <yaronf.ietf@gmail.com>, "Richard Backman, Annabelle" > <richanna@amazon.com>, SecEvent <id-event@ietf.org> > *Subject: *Re: [Id-event] Review of draft-ietf-secevent-http-push-05 > > > > Mark: thanks for the review and feedback > > > > Annabelle: have you had a chance to review the feedback? > > > > On Wed, Mar 27, 2019 at 3:55 AM Mark Dobrinic <mark.dobrinic@curity.io> > wrote: > > Hi id-event, > > Read through draft 05, and here's some of my findings. With the > disclaimer that I am not fully aware of the historical discussions that > led to this draft. > > - Section 2.0 mentions: "Once a SET has been validated and persisted, > the SET Recipient SHOULD immediately return a response ..."; there's a > bit of a gap on what to do when the SET was validated but failed to > persist. The errors don't (and probably shouldn't?) cover this, as this > might be considered business logic on the recipient's part? Section 2.2 > talks about "appropriate retention requirements", which is nicely > formulated. This type of wording might be also snuck in to the language > of section 2.0's paragraph ("Once the SET has been validated and > persisted ..") > > > > [richanna] > > Persistence failures are no different from any other business logic > failure on the SET Recipient side. In such cases the SET Recipient would > return a 500, as allowed for by the first paragraph of 2.3: > > > > In the event of a general HTTP error condition, the SET Recipient > > SHOULD respond with an appropriate HTTP Status Code as defined in > > Section 6 of [RFC7231]. > > > > The paragraph in 2.0 before the one you quote recommends the SET Recipient > persist the SET “in a way that is sufficient to meet [their] reliability > requirements”. This seems to me to provide the same guidance as the text in > 2.2; do you feel that something is missing or unclear from that paragraph? > > [/richanna] > > > - Is the `description` field in the error response REQUIRED? > > > > [richanna] > > Yes, both `err` and `description` are REQUIRED. The second paragraph of > 2.3 contains the text: > > > > …the body [of the error response] MUST be a UTF-8 encoded JSON [RFC7159] > object containing the following name/value pairs: > > > > …followed by the `err` and `description property definitions. > > [/richanna] > > > - Is there a reason why the `authentication_failed` failure response > should not return a HTTP/401 Unauthorized HTTP status code? > > [richanna] > > HTTP status 401 requires a WWW-Authenticate response header, which may or > may not be appropriate depending on the authentication method(s) in use by > the SET Recipient. > > [/richanna] > > > > - Section 5.1 talks about the SET Issuer being authorized to deliver the > SET; should this not be the SET Transmitter? > > [richanna] > > Yes, this should say “SET Transmitter” instead of “SET Issuer”. > > [/richanna] > > > - Section 5.4 on authenticating persisted SETs; Not sure if I understood > this correctly, but if a SET Transmitter can send a SET that was issued > by a different SET Issuer, how would the signature verification key be > resolved to authenticate the SET? 5.4 talks about the SET *Transmitter* > signing the SET, should this not be the SET *Issuer*? Or is this out of > scope? > > [richanna] > > Technically, it could be either, e.g., if the issuer issued an unsigned, > unencrypted SET and provided it to the transmitter, the transmitter could > encrypt the SET (creating a nested JWT), and that would address the > concerns laid out in 5.4. But on re-reading 5.4, I think this requirement > should be applied to the *SET Recipient*, as they are the party that has > the downstream authentication requirements necessitating this behavior. The > last part of the last sentence of 5.4 should be changed to something like: > > > > …then the SET Recipient SHOULD ensure that such SETs have been signed in > accordance with RFC7515 and/or encrypted using authenticated encryption in > accordance with RFC7516. > > > > [/richanna] > > > Nitpicks: > - The sentence above the examples (e.g. in section 2.2) should always > end with a colon ':' ("The following is ... a SET:"), or end with a > period '.'. Don't care which, but looks nicer if it's the same > everywhere. I think only 2.2 falls out of line. > > - The text above Figure 5 says "SET Receiver", should be "SET Recipient" > > Hope this helps to wrap it up to publication :) > > > -- > Regards, > > Mark Dobrinic > Software Engineer and Identity Specialist > Curity AB > > mark.dobrinic@curity.io > www.curity.io > > _______________________________________________ > Id-event mailing list > Id-event@ietf.org > https://www.ietf.org/mailman/listinfo/id-event > > _______________________________________________ > Id-event mailing list > Id-event@ietf.org > https://www.ietf.org/mailman/listinfo/id-event >
- [Id-event] Review of draft-ietf-secevent-http-pus… Mark Dobrinic
- Re: [Id-event] Review of draft-ietf-secevent-http… Dick Hardt
- Re: [Id-event] Review of draft-ietf-secevent-http… Richard Backman, Annabelle
- Re: [Id-event] Review of draft-ietf-secevent-http… Marius Scurtescu