[Id-event] Benjamin Kaduk's Yes on draft-ietf-secevent-http-poll-11: (with COMMENT)
Benjamin Kaduk via Datatracker <noreply@ietf.org> Wed, 17 June 2020 00:59 UTC
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-secevent-http-poll@ietf.org, secevent-chairs@ietf.org, id-event@ietf.org, Yaron Sheffer <yaronf.ietf@gmail.com>, yaronf.ietf@gmail.com
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <159235557339.17419.7778312585499134203@ietfa.amsl.com>
Date: Tue, 16 Jun 2020 17:59:33 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/id-event/zn3IJuWce0yqER53ULs53U3QULM>
Subject: [Id-event] Benjamin Kaduk's Yes on draft-ietf-secevent-http-poll-11: (with COMMENT)
List-Id: "A mailing list to discuss the potential solution for a common identity event messaging format and distribution system." <id-event.ietf.org>

Benjamin Kaduk has entered the following ballot position for
draft-ietf-secevent-http-poll-11: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-secevent-http-poll/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Prompted by Mark Nottingham's comments, we should perhaps leave some
breadcrumbs that -push has discussion of alternatives considered and
rejected, though this is less important if that section is to be removed
prior to publication as an RFC.

It may be worth mentioning explicitly in Section 1 that one of the pieces
of configuration metadata to be exchanged includes the
authentication/authorization information for the Recipient, or to discuss
Recipient authentication/authorization in Section 3 where server (i.e.,
Transmitter) authentication is covered.

When we reference RFC 6125, we only mention the DNS-ID name type in
Section 4.3 but not in Section 3. As for -push, we don't necessarily need
to mention it in both places, but it might be nice to be consistent or to
remove some of the redundancy.

Section 5

As for -push, I think both SET Issuers and Transmitters (not just one or
the other) should consider the ramifications of sharing a particular SET.
While it's true that (as the secdir reviewer of -push noted) when JWE is
used the Issuer has sole knowledge/control, in other cases the Issuer may
not know the full recipient list.