Re: [Id-event] AD review of draft-ietf-secevent-http-poll-06

"Richard Backman, Annabelle" <richanna@amazon.com> Wed, 29 April 2020 23:00 UTC

From: "Richard Backman, Annabelle" <richanna@amazon.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: "draft-ietf-secevent-http-poll.all@ietf.org" <draft-ietf-secevent-http-poll.all@ietf.org>, "id-event@ietf.org" <id-event@ietf.org>
Date: Wed, 29 Apr 2020 23:00:32 +0000
Message-ID: <14B055A2-A54A-4C21-A71C-125C3D508BBD@amazon.com>
References: <BY5PR00MB0676C7A40DF72E4FAA78B1E3F5AD0@BY5PR00MB0676.namprd00.prod.outlook.com> <87C847B1-937A-4579-8B90-09F879A4DC05@amazon.com> <DM6PR00MB0684F15C85722E3EEDF59E76F5AD0@DM6PR00MB0684.namprd00.prod.outlook.com>
In-Reply-To: <DM6PR00MB0684F15C85722E3EEDF59E76F5AD0@DM6PR00MB0684.namprd00.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/tWbsLMSqu5UbVEd0JJeIoPdFTHY>
Subject: Re: [Id-event] AD review of draft-ietf-secevent-http-poll-06

Pull request submitted: https://github.com/independentid/Identity-Events/pull/33

–
Annabelle Backman (she/her)
AWS Identity
https://aws.amazon.com/identity/
 

On 4/29/20, 3:56 PM, "Mike Jones" <Michael.Jones@microsoft.com> wrote:

Cool - thanks.

-----Original Message-----
From: Richard Backman, Annabelle <richanna@amazon.com>
Sent: Wednesday, April 29, 2020 3:54 PM
To: Mike Jones <Michael.Jones@microsoft.com>; Benjamin Kaduk <kaduk@mit.edu>
Cc: draft-ietf-secevent-http-poll.all@ietf.org; id-event@ietf.org
Subject: [EXTERNAL] Re: [Id-event] AD review of draft-ietf-secevent-http-poll-06

Sorry, was waiting for confirmation that we're removing the sentence and not the paragraph. Yes, I'll remove the sentence and do another pull request. Once you confirm via pull request approval I'll publish the drafts.

–
Annabelle Backman (she/her)
AWS Identity
https://aws.amazon.com/identity/


On 4/28/20, 5:37 PM, "Mike Jones" <Michael.Jones@microsoft.com> wrote:

Annabelle, do you want to remove the DDOS sentence or do you want me to?  After that, are we ready to publish both drafts?

                                Thanks,
                                -- Mike

-----Original Message-----
From: Benjamin Kaduk <kaduk@mit.edu>
Sent: Monday, April 27, 2020 4:53 PM
To: Richard Backman, Annabelle <richanna@amazon.com>
Cc: Mike Jones <Michael.Jones@microsoft.com>; draft-ietf-secevent-http-poll.all@ietf.org; id-event@ietf.org
Subject: Re: [Id-event] AD review of draft-ietf-secevent-http-poll-06

Just the sentence about DoS attacks, not the whole paragraph, right?

-Ben

On Mon, Apr 27, 2020 at 11:52:03PM +0000, Richard Backman, Annabelle wrote:
> Yes, will remove that.
>
> –
> Annabelle Backman (she/her)
> AWS Identity
> https://aws.amazon.com/identity/
>
>
> On 4/27/20, 4:51 PM, "Mike Jones" <Michael.Jones@microsoft.com> wrote:
>
> Thanks for the edits you made, Annabelle.  Do we also want to delete this text from Poll before publishing, per Ben's suggestion?
>
>       <t>
>         Authorization for the eligibility to provide actionable SETs can be determined by
>         using the identity of the SET Issuer,
>         validating the polling endpoint URL, perhaps using TLS,
>         or via other employed authentication methods.
>         Among other benefits, authentication can help prevent denial-of-service attacks.
>         Because SETs are not commands, SET Recipients are free to ignore SETs that
>         are not of interest after acknowledging their receipt.</t>
>
>                                 -- Mike
>
> -----Original Message-----
> From: Mike Jones
> Sent: Friday, April 24, 2020 7:12 PM
> To: 'Benjamin Kaduk' <kaduk@mit.edu>; richanna@amazon.com
> Cc: draft-ietf-secevent-http-poll.all@ietf.org; id-event@ietf.org
> Subject: Re: [Id-event] AD review of draft-ietf-secevent-http-poll-06
>
> Thanks Ben.  I think the DDOS text can be dropped from Poll.  I'll do that early next week.
>
>                                 Thanks again,
>                                 -- Mike
>
> -----Original Message-----
> From: Benjamin Kaduk <kaduk@mit.edu>
> Sent: Friday, April 24, 2020 5:53 PM
> To: Mike Jones <Michael.Jones@microsoft.com>
> Cc: draft-ietf-secevent-http-poll.all@ietf.org; id-event@ietf.org
> Subject: [EXTERNAL] Re: [Id-event] AD review of draft-ietf-secevent-http-poll-06
>
> Hi Mike,
>
> Thanks for the updates, and I continue to be sorry for the long response times.
>
> Poll is in quite good shape (well, I guess it's mostly just that -push is taking the brunt of the work for harmonizing the differences in text); just a couple more changes to make and we should be good to start the IETF LCs in parallel.  I'll again trim the resolved bits.
>
> In Section 3 we have a note about DoS protections embedded in a larger block of text:
>
>    Authorization for the eligibility to provide actionable SETs can be
>    determined by using the identity of the SET Issuer, validating the
>    polling endpoint URL, perhaps using TLS, or via other employed
>    authentication methods.  Among other benefits, authentication can
>    help prevent denial-of-service attacks.  Because SETs are not
>    commands, SET Recipients are free to ignore SETs that are not of
>    interest after acknowledging their receipt.
>
> I am not 100% sure, but I think this may have been text that originates before the split of documents, and in push got extracted and made into a separate section.  Does it still make sense here?  The DoS risk would typically be for a server getting lots of inbound connections, but there's not quite as clear a case for (client) authentication helping with that for poll, since the client is not sending huge amounts of stuff that would need to be dropped.  Am I misunderstanding the intent here, or should the sentence just get dropped?
>
> On Fri, Feb 07, 2020 at 05:18:04PM +0000, Mike Jones wrote:
> > draft-ietf-secevent-http-poll-07 <https://tools.ietf.org/html/draft-ietf-secevent-http-poll-07> was published to address these review comments.  (-08 <https://tools.ietf.org/html/draft-ietf-secevent-http-poll-08> addressed additional editorial nits.)  Descriptions of the changes made for these comments are inline, prefixed by "Mike>".
> >
> >
> >
> > -----Original Message-----
> > From: Id-event <id-event-bounces@ietf.org> On Behalf Of Benjamin Kaduk
> > Sent: Tuesday, December 10, 2019 4:37 PM
> > To: draft-ietf-secevent-http-poll.all@ietf.org
> > Cc: id-event@ietf.org
> > Subject: [Id-event] AD review of draft-ietf-secevent-http-poll-06
> >
> >
> > Section 3
> >
> >
> > Since poll has the TLS server as the SET Transmitter, we could potentially pull in RFC 6125 and talk about validating DNS-IDs to authenticate the Transmitter.  Given that the name to be authenticated would be part of the information conveyed out-of-band, though, it's not entirely clear how much value there would be in doing so.
> >
> >
> > Mike> As in Push, this section was formerly poorly worded, and has largely been rewritten.
>
> As for -push, I'd really like to be able to say something about the other half of the name comparison.  In this case would it be something like "discovery of SET Transmitters (and the names used to authenticate them) is out of scope for this document"?
>
> Thanks for the updates,
>
> Ben
>
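As an added illustration of the Recipient-side behaviour the quoted Section 3 text and Ben's RFC 6125 remark describe (example code, not from the draft, the editors or the thread): the Recipient authenticates the Transmitter as the TLS server against an out-of-band configured name, accepts only SETs from the expected issuer, acknowledges every valid SET, and acts only on those of interest. It assumes HS256 SETs under a shared key, a constructed event-type URI, and the draft's poll-response shape (a `sets` object keyed by `jti`).

```python
import base64, hashlib, hmac, json, ssl
# Constructed values; in practice the expected issuer, the Transmitter's TLS name and
# the key come from out-of-band configuration (discovery is out of the draft's scope).
EXPECTED_ISSUER = "https://transmitter.example.com"
SHARED_KEY = b"constructed-demo-key"
INTERESTING = {"urn:example:account-disabled"}  # constructed event-type URI

def b64u(d: bytes) -> str: return base64.urlsafe_b64encode(d).rstrip(b"=").decode()
def unb64u(s: str) -> bytes: return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def transmitter_tls_context() -> ssl.SSLContext:
    # Poll makes the Transmitter the TLS server, so the Recipient authenticates it with an
    # RFC 6125 reference-identity check: ctx.wrap_socket(sock, server_hostname=<name>).
    ctx = ssl.create_default_context()
    ctx.check_hostname, ctx.verify_mode = True, ssl.CERT_REQUIRED
    return ctx

def verify_set(token: str, key: bytes):
    # Accept only HS256 under the configured key; return the claims or None.
    try:
        h, p, s = token.split(".")
        if json.loads(unb64u(h)).get("alg") != "HS256":
            return None
        mac = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        return json.loads(unb64u(p)) if hmac.compare_digest(mac, unb64u(s)) else None
    except (ValueError, TypeError):
        return None

def process_poll_response(body: str, key: bytes = SHARED_KEY, issuer: str = EXPECTED_ISSUER):
    # Returns (ack, rejected, actionable): valid SETs are acknowledged whether or not they
    # are of interest (SETs are not commands); invalid ones are left for error handling.
    ack, rejected, actionable = [], [], []
    for jti, token in json.loads(body).get("sets", {}).items():
        claims = verify_set(token, key)
        if claims is None or claims.get("iss") != issuer or claims.get("jti") != jti:
            rejected.append(jti)
            continue
        ack.append(jti)
        if INTERESTING & set(claims.get("events", {})):
            actionable.append(jti)
    return ack, rejected, actionable

def make_set(claims: dict, key: bytes) -> str:  # constructed helper to build sample SETs
    h, p = b64u(b'{"typ":"secevent+jwt","alg":"HS256"}'), b64u(json.dumps(claims).encode())
    sig = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{b64u(sig)}"

SAMPLE_RESPONSE = json.dumps({"sets": {  # constructed, in the draft's poll-response shape
    "jti-1": make_set({"iss": EXPECTED_ISSUER, "jti": "jti-1", "events": {"urn:example:account-disabled": {}}}, SHARED_KEY),
    "jti-2": make_set({"iss": EXPECTED_ISSUER, "jti": "jti-2", "events": {"urn:example:noise": {}}}, SHARED_KEY),
    "jti-3": make_set({"iss": "https://other.example", "jti": "jti-3", "events": {"urn:example:account-disabled": {}}}, b"wrong-key"),
}, "moreAvailable": False})
```

`process_poll_response(SAMPLE_RESPONSE)` acknowledges jti-1 and jti-2, rejects jti-3 (bad signature), and flags only jti-1 as actionable.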