Re: [Id-event] Roman Danyliw's No Objection on draft-ietf-secevent-http-push-12: (with COMMENT)

Mike Jones <Michael.Jones@microsoft.com> Thu, 25 June 2020 05:40 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-secevent-http-push@ietf.org" <draft-ietf-secevent-http-push@ietf.org>, "secevent-chairs@ietf.org" <secevent-chairs@ietf.org>, "id-event@ietf.org" <id-event@ietf.org>, Yaron Sheffer <yaronf.ietf@gmail.com>
Thread-Topic: Roman Danyliw's No Objection on draft-ietf-secevent-http-push-12: (with COMMENT)
Date: Thu, 25 Jun 2020 05:40:47 +0000
Message-ID: <CH2PR00MB067866D9FEC8D94045A2CBC0F5920@CH2PR00MB0678.namprd00.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/7wIfkDICpvxlF2hrKadjbSH8LR4>
Subject: Re: [Id-event] Roman Danyliw's No Objection on draft-ietf-secevent-http-push-12: (with COMMENT)

Thanks for your review, Roman.  https://tools.ietf.org/html/draft-ietf-secevent-http-push-13 is intended to address your comments.  Detailed replies are inline, prefixed by "Mike>".

-----Original Message-----
From: Roman Danyliw via Datatracker <noreply@ietf.org> 
Sent: Tuesday, June 23, 2020 6:51 AM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-secevent-http-push@ietf.org; secevent-chairs@ietf.org; id-event@ietf.org; Yaron Sheffer <yaronf.ietf@gmail.com>; yaronf.ietf@gmail.com
Subject: Roman Danyliw's No Objection on draft-ietf-secevent-http-push-12: (with COMMENT)

Roman Danyliw has entered the following ballot position for
draft-ietf-secevent-http-push-12: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-secevent-http-push/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for responding to the SECDIR review (and thanks to Valery Smyslov for doing it)

** Section 2.1.  Per “To transmit a SET to a SET Recipient, the SET Transmitter makes an HTTP POST request to an HTTP endpoint using TLS provided by the SET Recipient” didn’t parse right.  What does it mean to “us[e] TLS provided by …”?

Mike>  Murray also noticed this.  I reworded this sentence according to his suggestion.

** Section 5.3.  Recommend being clearer that using TLS is a MUST.
OLD
   In some use cases, using TLS to secure the transmitted SETs will be
   sufficient.  In other use cases, encrypting the SET as described in
   JWE [RFC7516] will also be required

NEW
    TLS MUST be used to secure the transmitted SETs.  In some use cases, also
    encrypting the SET as described in JWE [RFC7516] will be required.

Mike> Done

** Section 5.3.  Per “SETs may contain sensitive information that is considered Personally Identifiable Information (PII).  In such cases …”, first off, I fully endorse and concur with the spirit here – being clear when you have sensitive information that confidentiality is a MUST requirement.  However, we need precision here – PII is a technical term in many jurisdictions, and the definition varies.  I wouldn’t want to make the normative guidance here conditional on this ambiguity.  I’d also note that Section 5.1. of RFC8417 refers to confidentiality requirements in the presence of third parties. 
Combining these observations with the editorial item above, I recommend:

“SETs may contain sensitive information, to include Personally Identifiable Information (PII), or be distributed through third parties.  TLS MUST be  …”

Mike> Thanks, done

** Section 5.3.  Per the reference RFC7525, I recognize that this sentence is identical to Section 5.1 of RFC8417.  Is there a reason why conformance to it
(RFC7525) is not a MUST (e.g., to ensure guidance on ciphersuites)?  You’ve already covered TLS version numbers with text and certificate validation with RFC6125.

Mike> It's now a MUST

** Section 5.5.  Per “At the time of receipt, the SET Recipient can rely upon transport layer mechanisms …”, since this whole specification is about a particular “transport layer mechanisms”, what are the specific details here – or is this out of scope?

Mike> It now more specifically talks about TLS mechanisms

				Thanks again,
				-- Mike
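The Section 5.3 exchange above turns "TLS MUST be used", RFC 7525 conformance and RFC 6125 certificate validation into normative text; the following is an added example (my own, not code from the draft, the thread or either participant) of what those requirements look like as a SET Transmitter's client configuration. The function names, the exception class and the sample endpoint URL are assumptions for illustration; the `application/secevent+jwt` media type is the one the draft uses (registered by RFC 8417). A deliberately weak context is included only as a contrast, so a policy check can tell the two apart.

```python
"""Transmitter-side TLS guard for SET push delivery.

Added example, not from draft-ietf-secevent-http-push or the review thread.
Names such as build_set_push_context, check_push_endpoint and
InsecurePushEndpoint are assumptions made for illustration.
"""
import ssl
from urllib.parse import urlsplit

# Media type the draft uses for the POST body (registered by RFC 8417).
SET_MEDIA_TYPE = "application/secevent+jwt"


class InsecurePushEndpoint(ValueError):
    """Raised when a SET Recipient endpoint would not be reached over TLS."""


def check_push_endpoint(url: str) -> str:
    """Return the endpoint unchanged if it is an https URL with a host.

    Fails closed: a cleartext http endpoint is rejected rather than
    silently used, which is what "TLS MUST be used" requires of a client.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise InsecurePushEndpoint(f"SET push endpoint must use https: {url!r}")
    if not parts.hostname:
        raise InsecurePushEndpoint(f"SET push endpoint has no host: {url!r}")
    return url


def build_set_push_context() -> ssl.SSLContext:
    """Client SSLContext for posting SETs, following RFC 7525 guidance.

    - minimum TLS 1.2 (RFC 7525 does not permit earlier versions)
    - server certificate required and hostname checked; Python's ssl
      module performs the RFC 6125 name matching against the host given
      to wrap_socket(server_hostname=...)
    - TLS compression disabled (RFC 7525 recommends against it)
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


def weak_context_for_comparison() -> ssl.SSLContext:
    """Contrast case: TLS nominally on, but certificate validation off.

    This is the configuration the review text is steering away from; it
    exists here only so context_meets_policy() has something to reject.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_meets_policy(ctx: ssl.SSLContext) -> bool:
    """True if ctx enforces what Section 5.3 of the draft now requires."""
    return (
        ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
        and bool(ctx.check_hostname)
        and ctx.verify_mode == ssl.CERT_REQUIRED
    )


def build_post_request(url: str, set_jwt: str) -> tuple[str, dict, bytes]:
    """Assemble the POST a SET Transmitter would send, after the TLS checks.

    Returns (url, headers, body); actually sending it is left to whatever
    HTTP client is paired with build_set_push_context().
    """
    endpoint = check_push_endpoint(url)
    headers = {"Content-Type": SET_MEDIA_TYPE, "Accept": "application/json"}
    return endpoint, headers, set_jwt.encode("ascii")


if __name__ == "__main__":
    # Constructed sample values; no network access is made.
    ctx = build_set_push_context()
    print("policy ok:", context_meets_policy(ctx))
    print(build_post_request("https://receiver.example/events", "eyJ.constructed.set"))
```

The point of keeping the weak context next to the hardened one is that a code review, or a unit test, can assert on `context_meets_policy()` rather than on reading the draft again: a transmitter that merely "uses TLS" but sets `CERT_NONE` fails the check, which is the distinction the NEW text for Section 5.3 draws.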