IETF Logo Mail Archive

Re: [Id-event] Push Delivery: working group last call

Marius Scurtescu <marius.scurtescu@coinbase.com> Thu, 06 December 2018 00:53 UTC

Return-Path: <marius.scurtescu@coinbase.com>
X-Original-To: id-event@ietfa.amsl.com
Delivered-To: id-event@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF25912D4ED for <id-event@ietfa.amsl.com>; Wed, 5 Dec 2018 16:53:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.459
X-Spam-Level:
X-Spam-Status: No, score=-3.459 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=coinbase.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f45c59xki0Uh for <id-event@ietfa.amsl.com>; Wed, 5 Dec 2018 16:53:03 -0800 (PST)
Received: from mail-pg1-x532.google.com (mail-pg1-x532.google.com [IPv6:2607:f8b0:4864:20::532]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 673D4130F56 for <Id-event@ietf.org>; Wed, 5 Dec 2018 16:53:02 -0800 (PST)
Received: by mail-pg1-x532.google.com with SMTP id t13so9792012pgr.11 for <Id-event@ietf.org>; Wed, 05 Dec 2018 16:53:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coinbase.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CWL5shaNhm92Ua9wSxSpp2wpQSmv+Vi8VMyQV+F07yo=; b=FZssJS5xsZ5t+Jn9wqSY7DgcPaVwRL0s1lUaDgxYy4nTPAIx2T5biGV2aYV4QjlA1i 3mzhVtKlRyXwJSZO4ucpSMosxq6weswGRCDD5WZXba/+wKkTKIEv5ZbjHo8iXm/CYDtn B+q/wbG7NT2TDnGpPY4yU7q5DH7FpDVmTPv7w=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CWL5shaNhm92Ua9wSxSpp2wpQSmv+Vi8VMyQV+F07yo=; b=L17T+mM7KsDKbBp8c4y3JJwzGkg4LVhnSBfT3ZK4/2OIYFYinXVfJN4aUPhNey9FD7 j1XUAEf2lCipopM61ZQxlFxYZjYxDuXmdL3OL4udOE0ssrkiykwrrCkWOquEOGU5yFxr jiNWeuStUJcZKJKjAEgd4L3pes3j8Oozebzp363xWmk2NyVUvbIF1RtE80FcigM2H/T7 8f2ded4MhEu4mPkPFXGLCzCmsVYGlrIk1d1fHYYP5v6xmgwffft2ettl4ZZNBKDCAaRA C9XGufQHn/wvqskYx8dcCVanAqf/+fu6Jb5XMkHJMH9HxT8BCju6/Nwb0Ro8gziX1UC5 onnw==
X-Gm-Message-State: AA+aEWYYrGFI1wGtsi8m6V87/dhoVrmBAStKRa/ktghtoK/f6r5b9fC8 RhXDqwXIxfhx1HxLjLKiW0MTiDQsKD0ojEHFboUv8vvdtr6+6Q==
X-Google-Smtp-Source: AFSGD/WkkXRHbJgDMMuRe08JtMi7UcOEvtah3ZSYJAsyQEJRNRb6FYcLU7J+pyrlovSpRVpuAiOPL564IVpLapHcsZA=
X-Received: by 2002:a63:104d:: with SMTP id 13mr22375262pgq.303.1544057581628; Wed, 05 Dec 2018 16:53:01 -0800 (PST)
MIME-Version: 1.0
References: <CABpvcNsj1paWcV_YevmGJbeiS7=oMHDhS9eP-d7Qz4ZOZe4sMw@mail.gmail.com> <79BE299A-03AF-4585-B459-C8FC6293D202@amazon.com>
In-Reply-To: <79BE299A-03AF-4585-B459-C8FC6293D202@amazon.com>
From: Marius Scurtescu <marius.scurtescu@coinbase.com>
Date: Wed, 05 Dec 2018 16:52:50 -0800
Message-ID: <CABpvcNt78ryxmejFcCz22zrWANuL7P=6AZYZdV2dE8A1H7RSFg@mail.gmail.com>
To: richanna=40amazon.com@dmarc.ietf.org
Cc: Id-event@ietf.org
Content-Type: multipart/alternative; boundary="000000000000aaa81d057c4feb85"
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/iUDvQEZHrJ5o1aehCbZIkwqwmWs>
Subject: Re: [Id-event] Push Delivery: working group last call
X-BeenThere: id-event@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A mailing list to discuss the potential solution for a common identity event messaging format and distribution system." <id-event.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/id-event>, <mailto:id-event-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/id-event/>
List-Post: <mailto:id-event@ietf.org>
List-Help: <mailto:id-event-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/id-event>, <mailto:id-event-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Dec 2018 00:53:09 -0000

comments inline...

On Wed, Dec 5, 2018 at 3:54 PM Richard Backman, Annabelle <richanna=
40amazon.com@dmarc.ietf.org> wrote:

> Thanks for the feedback, Marius. Please see my [richanna]comments
> inline[/richanna].
>
>
>
> --
>
> Annabelle Richard Backman
>
> AWS Identity
>
>
>
>
>
> *From: *Id-event <id-event-bounces@ietf.org> on behalf of Marius
> Scurtescu <marius.scurtescu=40coinbase.com@dmarc.ietf.org>
> *Date: *Wednesday, December 5, 2018 at 2:25 PM
> *To: *"Id-event@ietf.org" <Id-event@ietf.org>
> *Subject: *Re: [Id-event] Push Delivery: working group last call
>
>
>
> Hi all,
>
> I realize we are past December 2, not sure what the procedure is for
> feedback at this point. Nevertheless, here are a few comments and
> observations:
>
> - At the end of section 1 it is stated "have an out-of-band mechanism for
> exchanging configuration metadata". Does "out-of-band" exclude discovery
> mechanisms? Should we drop "out-of-band" and make the sentence more general?
>
> [richanna]
>
> The words “out-of-band” were intended to indicate that the mechanism is
> separate and apart from this delivery mechanism, and may occur over
> drastically different channels. (e.g., a web console, an email between
> admins, URLs written on a cocktail napkin :D) It is important that this
> text allow for offline mechanisms as well as online ones. Happy to consider
> alternate text that captures this better.
>
> [/richanna]
>
>
>
I was just worried that "out-of-band" is too strong and I was suggesting to
drop only that term. I think that all the options you mention are allowed.
Not feeling too strong about this.



> - Section 1.2, we also need a definition for "SET Recipient".
>
>
>
> [richanna]
>
> SET Recipient is defined in RFC8417
> <https://tools.ietf.org/html/rfc8417#section-1.2>. We could add a stub
> definition that points back to 8417, if having SET Transmitter defined here
> but not SET Recipient is confusing. Something like:
>
>
>
> SET Recipient
>
>    An entity that receives SETs through some distribution method, as
> defined in RFC8417.
>
> [/richanna]
>
>
Yes, I think either both or none. The definition above sounds good to me.
Do we want to add "as defined in RFC8417" to the definition of transmitter
as well?



> - Section 2, list of validations: should we add that the Recipient should
> also validate that it is willing to receive events from the given
> transmitter? In other words, the transmitter/issuer must be whitelisted.
>
> [richanna]
>
> Agreed.
>
> [/richanna]
>
>
> - Section 2, last paragraph: there is also the case when no response at
> all is received from the Recipient, in which case re-transmitting should be
> an option.
>
> [richanna]
>
> Agreed.
>
> [/richanna]
>
>
> - Figure 1: there is no signature. Should we add a signature so the
> example is more realistic?
>
>
>
> [richanna]
>
> Yes, our examples should demonstrate best practices.
>
> [/richanna]
>
>
>
> - Section 2.3: only 400 is mentioned as possible status code. What about
> 401, 403 or 429? For example, 403 is the appropriate status code if the SET
> is perfectly valid but the Recipient is not willing to accept events from
> the given transmitter/issuer.
>
>
>
> [richanna]
>
> The consensus at IETF 101 was to return everything as 400, and leave HTTP
> status codes to HTTP.
>
> [/richanna]
>

I see. The 403 case is important IMO, the fact that the SET is perfectly
valid but the recipient is not willing to accept from this transmitter. Is
the "jwtIss" error code meant to cover this case? I guess there is nothing
to change here then.


>
>
> Happy to send a pull request for these changes (if we agree on them). Let
> me know.
>
>
>
> [richanna]
>
> Yes, please! :D
>
> [/richanna]
>

Should I clone/fork off https://github.com/richanna/Identity-Events (you
sent me instructions at some point)?


>
> Best,
>
> Marius
>
>
>
> On 18/11/2018 10:05, Yaron Sheffer wrote:
>
> > Dear SecEvent participants,
>
> >
>
> >
>
> > This is to start a 2-week working group last call on
>
> > draft-ietf-secevent-http-push-03
>
> > <https://datatracker.ietf.org/doc/draft-ietf-secevent-http-push/> <https://datatracker.ietf.org/doc/draft-ietf-secevent-http-push/%3E,>;, until
>
> > Dec. 2. Please send any comments to the list. In addition, if you have
>
> > no comments but support publication of this document as-is, please make
>
> > your voice heard.
>
> >
>
> >
>
> > Thanks,
>
> >
>
> >
>
> >      Dick and Yaron
>
> >
>
>
>

v2.23.0 | Report a Bug | By Email