Re: [Id-event] Alissa Cooper's No Objection on draft-ietf-secevent-token-11: (with COMMENT)
Phil Hunt <phil.hunt@oracle.com> Wed, 09 May 2018 22:06 UTC
Return-Path: <phil.hunt@oracle.com>
X-Original-To: id-event@ietfa.amsl.com
Delivered-To: id-event@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B623A12D7E2; Wed, 9 May 2018 15:06:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.711
X-Spam-Level:
X-Spam-Status: No, score=-2.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VMvUPB1LnUd9; Wed, 9 May 2018 15:06:08 -0700 (PDT)
Received: from userp2130.oracle.com (userp2130.oracle.com [156.151.31.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D04BB126CF9; Wed, 9 May 2018 15:06:08 -0700 (PDT)
Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w49M2Xtb128376; Wed, 9 May 2018 22:06:04 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type : mime-version : subject : from : in-reply-to : date : cc : content-transfer-encoding : message-id : references : to; s=corp-2017-10-26; bh=YF0xpSS1gOF8esxXr0a23xCDf2n0fJbQQP+zETPkCTc=; b=bwhg+8a0NSujHnwwyO7qGEGdIAFqtf6mnOFqHHZejqX60CTc+k2Yd3Q3hPXdqDe35/O0 mXWfJM4Acf04iGSUHD3dpL2mbd9m3QKwS0K6kmfgVvkH7533pkNmOP+Fs8KzCYA9KGAq UuYvJLkt+V9Ud6iGmI/6xkBtLLSTNk3+ttrZQq8PfNr48h+fDI/JkuRCzEgXnqIqpvbK 5qMAurg8/jxwaHmaB/qzvjaOcU93Dg4DFfbKBAFiGmpLrfQNVQvPgej4FbqDjYtghVVj kRphfciT7I4mPlHx96oXshY1diMaowiQIPNRl7zgm1Avkmhmkf+lKMD4yZm1/9iHmMA4 qA==
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by userp2130.oracle.com with ESMTP id 2hv6kp8uud-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 09 May 2018 22:06:04 +0000
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w49M63pk021609 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 9 May 2018 22:06:03 GMT
Received: from abhmp0006.oracle.com (abhmp0006.oracle.com [141.146.116.12]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w49M63H3008101; Wed, 9 May 2018 22:06:03 GMT
Received: from [10.0.1.20] (/24.86.190.97) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 09 May 2018 15:06:03 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Phil Hunt <phil.hunt@oracle.com>
X-Mailer: iPhone Mail (15E302)
In-Reply-To: <152589422080.3937.17278656045470630984.idtracker@ietfa.amsl.com>
Date: Wed, 09 May 2018 15:06:00 -0700
Cc: The IESG <iesg@ietf.org>, secevent-chairs@ietf.org, yaronf.ietf@gmail.com, draft-ietf-secevent-token@ietf.org, id-event@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <A47A4D92-8077-4EDA-8AB0-48957AC086CB@oracle.com>
References: <152589422080.3937.17278656045470630984.idtracker@ietfa.amsl.com>
To: Alissa Cooper <alissa@cooperw.in>
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8888 signatures=668698
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=7 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1805090205
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/tmM-PFgdAWhpgqphm-7Q5QwVEGg>
Subject: Re: [Id-event] Alissa Cooper's No Objection on draft-ietf-secevent-token-11: (with COMMENT)
X-BeenThere: id-event@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "A mailing list to discuss the potential solution for a common identity event messaging format and distribution system." <id-event.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/id-event>, <mailto:id-event-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/id-event/>
List-Post: <mailto:id-event@ietf.org>
List-Help: <mailto:id-event-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/id-event>, <mailto:id-event-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2018 22:06:11 -0000
Alissa, Thanks for the comments. I will apply them in draft 12. Cheers, Phil > On May 9, 2018, at 12:30 PM, Alissa Cooper <alissa@cooperw.in> wrote: > > Alissa Cooper has entered the following ballot position for > draft-ietf-secevent-token-11: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_iesg_statement_discuss-2Dcriteria.html&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=95fIBcwc6yxsWmW8TNIRDyen0OFdCfQtVvsCvKglxMQ&s=yuXqSMMhZSFnEliz1LpgHr4-6AVMlwMYg4hGPfUV_VI&e= > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dietf-2Dsecevent-2Dtoken_&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=95fIBcwc6yxsWmW8TNIRDyen0OFdCfQtVvsCvKglxMQ&s=NXgUokg6RBO_Hy_uEx4k1CEjdsnMAJzHql9xQ0wKp9E&e= > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > = Sec. 5.1 = > > "Security events distributed through third parties or that carry > personally identifiable information SHOULD be encrypted using JWE > [RFC7516] or secured for confidentiality by other means." > > The SHOULD here seems like it should be a MUST unless there are obvious exception cases. > > = Sec. 5.2 = > > "In > addition to confidentiality and integrity (discussed above), > implementers and profiling specifications MUST consider the > consequences of delivery mechanisms that are not secure and/or not > assured." > > The "implementers ... MUST consider" construction seems like an odd use of normative language. > > > _______________________________________________ > Id-event mailing list > Id-event@ietf.org > https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_id-2Devent&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=95fIBcwc6yxsWmW8TNIRDyen0OFdCfQtVvsCvKglxMQ&s=tYI2_anKOqEnJ4NeoeMuFe4ezRHvI5d--_8CfEdSx74&e=
- [Id-event] Alissa Cooper's No Objection on draft-… Alissa Cooper
- Re: [Id-event] Alissa Cooper's No Objection on dr… Phil Hunt
- Re: [Id-event] Alissa Cooper's No Objection on dr… Phil Hunt
- Re: [Id-event] Alissa Cooper's No Objection on dr… Alissa Cooper