IETF Logo Mail Archive

Re: [Id-event] Push Delivery: working group last call

"Richard Backman, Annabelle" <richanna@amazon.com> Fri, 08 February 2019 21:46 UTC

Return-Path: <prvs=935a6bff5=richanna@amazon.com>
X-Original-To: id-event@ietfa.amsl.com
Delivered-To: id-event@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB6F8130FDE for <id-event@ietfa.amsl.com>; Fri, 8 Feb 2019 13:46:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level:
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uMbhruquSEEE for <id-event@ietfa.amsl.com>; Fri, 8 Feb 2019 13:46:31 -0800 (PST)
Received: from smtp-fw-2101.amazon.com (smtp-fw-2101.amazon.com [72.21.196.25]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7893D130F84 for <id-event@ietf.org>; Fri, 8 Feb 2019 13:46:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1549662390; x=1581198390; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=7WCCZcQeOkvcuVUpBlCbZtQ0Iloxsp9vPWdse0Um1jE=; b=Hur+DPZoKseMHxaZuReKeR5ISF81B3jegGghOWvmTvMrJwh82s2HB7TO 15TRvjiv3VqpGFFXPmdeHom1l/TF5x1GsS36ktEE7Q+PloZhskdMgIR7X 03OKnyBUke5cJCNFUAz5Tz7EbsRl3MT2RkmNy68etsSHm8m+OTIjxH7qF 4=;
X-IronPort-AV: E=Sophos;i="5.58,348,1544486400"; d="scan'208,217";a="716983993"
Received: from iad6-co-svc-p1-lb1-vlan2.amazon.com (HELO email-inbound-relay-2a-8549039f.us-west-2.amazon.com) ([10.124.125.2]) by smtp-border-fw-out-2101.iad2.amazon.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 08 Feb 2019 21:46:27 +0000
Received: from EX13MTAUWC001.ant.amazon.com (pdx1-ws-svc-p6-lb9-vlan3.pdx.amazon.com [10.236.137.198]) by email-inbound-relay-2a-8549039f.us-west-2.amazon.com (8.14.7/8.14.7) with ESMTP id x18LkQPj019508 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 8 Feb 2019 21:46:26 GMT
Received: from EX13D11UWC001.ant.amazon.com (10.43.162.151) by EX13MTAUWC001.ant.amazon.com (10.43.162.135) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Fri, 8 Feb 2019 21:46:26 +0000
Received: from EX13D11UWC004.ant.amazon.com (10.43.162.101) by EX13D11UWC001.ant.amazon.com (10.43.162.151) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Fri, 8 Feb 2019 21:46:25 +0000
Received: from EX13D11UWC004.ant.amazon.com ([10.43.162.101]) by EX13D11UWC004.ant.amazon.com ([10.43.162.101]) with mapi id 15.00.1367.000; Fri, 8 Feb 2019 21:46:25 +0000
From: "Richard Backman, Annabelle" <richanna@amazon.com>
To: "Morteza Ansari (moransar)" <moransar@cisco.com>, Marius Scurtescu <marius.scurtescu@coinbase.com>, Yaron Sheffer <yaronf.ietf@gmail.com>
CC: Dick Hardt <dick.hardt@gmail.com>, SecEvent <id-event@ietf.org>, Anthony Nadalin <tonynad@microsoft.com>, Mike Jones <Michael.Jones@microsoft.com>, Marius Scurtescu <marius.scurtescu@gmail.com>, Phil Hunt <phil.hunt@oracle.com>
Thread-Topic: [Id-event] Push Delivery: working group last call
Thread-Index: AQHUtBBAne8RAAbuhkqpmk/YmC848qXARwoA//+hGQCAAJLHAIAPj9KAgANfhQCAApb8gA==
Date: Fri, 08 Feb 2019 21:46:25 +0000
Message-ID: <00CD705A-6073-4F0D-92F3-6ECCA9B032EF@amazon.com>
References: <CAD9ie-t0eteREXoE6HD4ZUKw7G-P=WAtM1ksPuQEu_5oU=hPuA@mail.gmail.com> <c619b0bb-9322-55a5-8a26-566d2230518a@gmail.com> <4C82F80F-74ED-4EA0-AE47-0A4D8DB40A43@amazon.com> <933153f4-e3a2-73ba-3165-6f1ebd28f4d7@gmail.com> <CABpvcNuL=MFahqFi0dXm5TEeNXedKL3AUsbws6EkA0p=s4Y82g@mail.gmail.com> <30D1CCD4-3173-4DA5-9A60-EB879D75B743@cisco.com>
In-Reply-To: <30D1CCD4-3173-4DA5-9A60-EB879D75B743@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.0.180812
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.43.160.30]
Content-Type: multipart/alternative; boundary="_000_00CD705A60734F0D92F36ECCA9B032EFamazoncom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/xnQAta05-ULBzLAjG4qVG3gGkIc>
Subject: Re: [Id-event] Push Delivery: working group last call
X-BeenThere: id-event@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "A mailing list to discuss the potential solution for a common identity event messaging format and distribution system." <id-event.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/id-event>, <mailto:id-event-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/id-event/>
List-Post: <mailto:id-event@ietf.org>
List-Help: <mailto:id-event-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/id-event>, <mailto:id-event-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Feb 2019 21:46:34 -0000

Responses inline.

--
Annabelle Richard Backman
AWS Identity


From: "Morteza Ansari (moransar)" <moransar@cisco.com>
Date: Wednesday, February 6, 2019 at 2:14 PM
To: Marius Scurtescu <marius.scurtescu@coinbase.com>, Yaron Sheffer <yaronf.ietf@gmail.com>
Cc: "Richard Backman, Annabelle" <richanna@amazon.com>, Dick Hardt <dick.hardt@gmail.com>, SecEvent <id-event@ietf.org>, Anthony Nadalin <tonynad@microsoft.com>, Mike Jones <Michael.Jones@microsoft.com>, Marius Scurtescu <marius.scurtescu@gmail.com>, Phil Hunt <phil.hunt@oracle.com>
Subject: Re: [Id-event] Push Delivery: working group last call

The document looks pretty good. A few minor comments in addition to Yaron’s notes:

Section 5.4: Why not recommend signing and encrypting the SET’s in the security consideration (use stronger language than “optionally”)?

[richanna]
No objections.
[/richanna]

Section 6.0: While the recommendation of using hash value is great for privacy, wouldn’t it seriously impact interoperability without stronger language and semantics for when it is a hash vs. actual value? Feels we are punting on this and making it implementor’s problem to figure out.

[richanna]
This spec doesn’t say anything about how subject identifiers are expressed or encoded in SETs, so yes, we kind of are punting that (to profiles and Subject Identifiers). 😃 With that in mind though this paragraph may not be appropriate anymore and the paragraph before it might be sufficient.
[/richanna]

Section 7.1.1: Shouldn’t the error code syntax also allow at least “_” character since we use it in our codes?

[richanna]
…Yes. The error codes were changed but the syntax wasn’t updated accordingly.
[/richanna]

Cheers,
Morteza

From: Marius Scurtescu <marius.scurtescu@coinbase.com>
Date: Monday, February 4, 2019 at 10:43 AM
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Cc: "Richard Backman, Annabelle" <richanna@amazon.com>, Dick Hardt <dick.hardt@gmail.com>, SecEvent <id-event@ietf.org>, Anthony Nadalin <tonynad@microsoft.com>, Mike Jones <Michael.Jones@microsoft.com>, Marius Scurtescu <marius.scurtescu@gmail.com>, Morteza Ansari <moransar@cisco.com>, Phil Hunt <phil.hunt@oracle.com>
Subject: Re: [Id-event] Push Delivery: working group last call

I support the publication of this document, with the changes suggested by Yaron Shefer and Annabelle Richard Backman.

On Fri, Jan 25, 2019 at 1:04 PM Yaron Sheffer <yaronf.ietf@gmail.com<mailto:yaronf.ietf@gmail.com>> wrote:
Thanks for the quick response! A few comments inline.

On 25/01/2019 22:18, Richard Backman, Annabelle wrote:
> Thanks for the feedback! Responses inline.
>
> --
>
> Annabelle Richard Backman
>
> AWS Identity
>
> On 1/25/19, 9:59 AM, "Id-event on behalf of Yaron Sheffer"
> <id-event-bounces@ietf.org<mailto:id-event-bounces@ietf.org> on behalf of yaronf.ietf@gmail.com<mailto:yaronf.ietf@gmail.com>> wrote:
>
>      The document looks good. Here's a bunch o' comments.
>
>      * Intro: receipt->recipient
>
> [richanna]👍[/richanna]
>
>      * "The transmitter and recipient are known to one another." But
> then we
>
>      require the *issuer* to be authenticated by the Recipient. We need to
>
>      clarify the relationship between Issuer (defined in the base spec) and
>
>      Transmitter. BTW, Issuer should be capitalized.
>
> [richanna]
>
> The intent of that sentence is to indicate that the spec assumes the
> Transmitter already knows who it needs to transmit the SET to, and the
> Recipient knows who it expects to receive SETs from, and that discovery
> of either is out of scope.
>
> You’re absolutely right. Section 2 is missing a validation step: “The
> SET Recipient is willing to accept the SET, when transmitted by the SET
> Transmitter.” Also, we can add text to the definition of SET Transmitter
> to clarify that it need not be the Issuer of the SET.
>
> [/richanna]
>
>      * "a decryption failure that may be due to misconfigured keys" -
> this is
>
>      a strange reason for retransmission, because it would normally
> require a
>
>      very slow manual operation, which could easily overwhelm the
> Transmitter.
>
> [richanna]
>
> I had in mind issues or delays with key propagation after a rotation,
> premature rejection of an outgoing key due to clock skew, intermittent
> failure when retrieving a Transmitter’s public key, etc. These are
> issues that may (depending on root cause) work themselves out after a
> few minutes, though I suppose they are not properly “misconfigured
> keys.” This example is probably just muddying the waters without
> contributing much to the text.
>
> [/richanna]
>
>      * "Transmitting a SET": if the normal response has an empty body,
> why do
>
>      we send "Accept: application/json"? The Accept header is not
> mandatory,
>
>      https://tools.ietf.org/html/rfc7231#section-5.3.2
>
> [richanna]
>
> Error responses will contain a JSON-formatted body, which the
> Transmitter MUST be prepared to accept.
>
> [/richanna]

YS: I still think the Accept header is redundant (in particular because
if you cannot understand JSON, you cannot use this protocol at all), but
I can live with it.

>
>      * "Failure Response": why is responding with the right HTTP status
> code
>
>      a MAY? What else do we expect them to do?
>
> [richanna]
>
> As I understand it, HTTP Servers have some discretion with regards to
> which status codes they respond with in certain situations. The “right
> HTTP status code” can be subjective, and may change over time as new
> status codes are defined for specific cases. SET Transmitters need to be
> prepared to receive standard HTTP status codes, but I don’t see a reason
> to impose more requirements on the SET Recipient in this area than HTTP
> itself does.
>
> [/richanna]
>

YS: I agree with everything you say, but still, this would be more
correct: "the SET Recipient SHOULD respond with an appropriate HTTP
Status Code", even if the "appropriate" code is very fuzzy. Or else,
let's remove the RFC 2119 word: "the Recipient responds".

>      * "the SET Transmitter is not permitted to transmit SETs issued by the
>
>      issuer specified in the SET" - I suggest to change the text to
> indicate
>
>      this is from the point of view of the Recipient: "the Recipient is not
>
>      willing to accept SETs issued by the specified issuer from this
>
>      particular SET Transmitter".
>
> [richanna]👍[/richanna]
>
>      * Error codes: what if the Recipient expects the SET to be protected
>
>      (e.g. signed) but it is not? Is this "authentication_failed"?
>
> [richanna]
>
> SET signatures authenticate the Issuer, not the Transmitter, so
> `authentication_failed` would be inappropriate. The Recipient should
> return `access_denied` as it is unwilling to accept this SET from this
> Transmitter. Now I’m actually wondering if there is a difference between
> `invalid_request` and `access_denied` that is meaningful at runtime.
> I’ll start a thread on this.
>
> [/richanna]
>
>      * "MUST support TLS 1.2" - we should allow for a future where TLS
>
>      1.3-only is acceptable. So, "MUST support TLS 1.2 or later".
>
> [richanna]👍[/richanna]
>
>      * IANA: the Expert Review policy requires a designated expert,
>
>      obviously. Since this is the only SecEvent registry that needs it so
>
>      far, I'd rather go for the simpler FCFS policy.
>
> [richanna]
>
> 👍, though I think we should add text to the effect of “Error Codes are
> intended to be interpreted by automated systems, and therefore SHOULD
> identify classes of errors in response to which an automated system
> could take some distinct action.”
>
> [/richanna]

YS: guidance is always good.

>
>      Thanks,
>
>                  Yaron
>
>      On 24/01/2019 20:11, Dick Hardt wrote:
>
>      > Dear SecEvent participants,
>
>      >
>
>      > This is to start a 2-week working group last call
>
>      > on draft-ietf-secevent-http-push-04
>
>      >
>
>      > https://datatracker.ietf.org/doc/draft-ietf-secevent-http-push/
>
>      >
>
>      > until Feb 8, 2019.
>
>      >
>
>      > Please send any comments to the list. In addition, if you have no
>
>      > comments but support publication of this document as-is, please
>
>      > make your voice heard.
>
>      >
>
>      > Thanks,
>
>      >
>
>      >       Dick and Yaron
>
>      _______________________________________________
>
>      Id-event mailing list
>
>      Id-event@ietf.org<mailto:Id-event@ietf.org>
>
>      https://www.ietf.org/mailman/listinfo/id-event
>

_______________________________________________
Id-event mailing list
Id-event@ietf.org<mailto:Id-event@ietf.org>
https://www.ietf.org/mailman/listinfo/id-event

v2.23.0 | Report a Bug | By Email