IETF Logo Mail Archive

RE: Last Call: <draft-farrell-decade-ni-07.txt> (Naming Things with Hashes) to Proposed Standard

"Worley, Dale R (Dale)" <dworley@avaya.com> Tue, 12 June 2012 15:42 UTC

Return-Path: <dworley@avaya.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB6D221F848A for <ietf@ietfa.amsl.com>; Tue, 12 Jun 2012 08:42:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.849
X-Spam-Level:
X-Spam-Status: No, score=-103.849 tagged_above=-999 required=5 tests=[AWL=-0.250, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DALw3fGJYSY7 for <ietf@ietfa.amsl.com>; Tue, 12 Jun 2012 08:42:24 -0700 (PDT)
Received: from de307622-de-outbound.net.avaya.com (de307622-de-outbound.net.avaya.com [198.152.71.100]) by ietfa.amsl.com (Postfix) with ESMTP id 4426E21F86AB for <ietf@ietf.org>; Tue, 12 Jun 2012 08:42:23 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgEFAD1i10+HCzI1/2dsb2JhbABFEwEBtSOBB4IYAQEBAQIBEig/BQsCAQgNCCEQMiUBAQQOBQgah2QFC5wtnH2QWGADljGEY4oGgnw
X-IronPort-AV: E=Sophos;i="4.77,397,1336363200"; d="scan'208";a="310643978"
Received: from unknown (HELO p-us1-erheast.us1.avaya.com) ([135.11.50.53]) by de307622-de-outbound.net.avaya.com with ESMTP; 12 Jun 2012 11:40:49 -0400
Received: from unknown (HELO DC-US1HCEX4.global.avaya.com) ([135.11.52.35]) by p-us1-erheast-out.us1.avaya.com with ESMTP; 12 Jun 2012 11:24:08 -0400
Received: from DC-US1MBEX4.global.avaya.com ([169.254.2.202]) by DC-US1HCEX4.global.avaya.com ([135.11.52.35]) with mapi; Tue, 12 Jun 2012 11:42:10 -0400
From: "Worley, Dale R (Dale)" <dworley@avaya.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Tue, 12 Jun 2012 11:42:08 -0400
Subject: RE: Last Call: <draft-farrell-decade-ni-07.txt> (Naming Things with Hashes) to Proposed Standard
Thread-Topic: Last Call: <draft-farrell-decade-ni-07.txt> (Naming Things with Hashes) to Proposed Standard
Thread-Index: Ac1Ipp6c5UvoY7mlQ/usnwWx1+yIigACK6Ui
Message-ID: <CD5674C3CD99574EBA7432465FC13C1B22726A0B7A@DC-US1MBEX4.global.avaya.com>
References: <CD5674C3CD99574EBA7432465FC13C1B22726A0B76@DC-US1MBEX4.global.avaya.com>, <4FD75051.10702@cs.tcd.ie>
In-Reply-To: <4FD75051.10702@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jun 2012 15:42:24 -0000

> From: Stephen Farrell [stephen.farrell@cs.tcd.ie]
> 
> > For example, in section 3, the syntax of the "ni" URI scheme is
> > spelled out with admirable clarity and exactness, including:
> >
> >    Digest Value [Required]  The digest value MUST be encoded using the
> >       base64url [RFC4648] encoding.
> >
> > Hmmm, "the digest value"...  The digest value *of what*?
> 
> The input to the digest is not defined by this draft, except
> in the case of public keys. (See other comments wrt MIME &
> Content Type as well.)

True... But what I am looking for is an explicit statement that the
process described in the draft *takes as input a string* which is not
defined in this draft.  Ideally, that fact should be stated separately
before the first description of any operation which is applied to the
string.  ("When defining a function, you must first state its
signature...")

> > Going back to section 2 for a moment, there is:
> >
> >    When the input to the hash algorithm is a public key value, as may be
> >    used by various security protocols, the hash SHOULD be calculated
> >    over the public key in an X.509 SubjectPublicKeyInfo structure
> >    (Section 4.1 of [RFC5280]).
> >
> > I can see what this means, but it's not very clear.  A better way to
> > write it would be:
> >
> >     When the input is intended to be a public key value, as may be
> >     used by various security protocols, the input to the hash SHOULD
> >     be an X.509 SubjectPublicKeyInfo structure (Section 4.1 of
> >     [RFC5280]) containing the public key rather than the public key
> >     value itself.
> 
> Have to say I prefer the existing text.

OK...  But I dislike the phrase "hash calculated over" -- a hash is a
function, it has an input, and it has an output.

> > Unfortunately, the example is somewhat incongruous, as "Hello World!"
> > is not obviously a name or reference to any object.
> 
> In this case the object named is just those 12 characters.
> 
> > Thus while it
> > still is clear how it can be input to the processes that are described
> > in the draft, it doesn't seem to be a conceptually typical example.
> 
> Well, I could have said a file that contains "Hello World!" (12 chars:-)
> 
> But I don't think its much clearer, maybe less.

It all depends on how one creates the input string from the object,
and there are a lot of ways of doing that (object contents, object
locator, etc.).  Properly speaking, that is out of scope of this
draft.  But the explanatory talks a great deal about "refering to an
object" without providing any details, which leads me assume that the
input strings are the locators of the objects in question, else they
would be references to the objects.

> > Then we get to:
> >
> >    Given the SubjectPublicKeyInfo in Figure 6 we derive the names shown
> >    in Figure 7 for this value.
> >
> > I can't tell what this means. What is "this value"?  Is it the
> > immediately preceding URI
> > (http://example.com/.well-known/ni/sha-256/f4OxZX_x_FO5LcGBSKHWXfwtSx-j1ncoSt3SABJtkGk)?
> > In what manner does the "given" SubjectPublicKeyInfo affect the names?
> 
> No, the input value is the DER encoding of the SPKI as stated earlier.
> I guess the following is a little more correct so I've changed it to:
> 
>    Given the DER-encoded SubjectPublicKeyInfo in Figure 6 we derive
>    the names shown in Figure 7 for this value.
> 
> > If the input value was meant to be the SubjectPublicKeyInfo itself,
> > the sentence would not add "this value", which strongly suggests a
> > *different* value than the one mentioned just before in the same
> > sentence.  Rather, one would say:
> >
> >    We derive the names shown in Figure 7 from the SubjectPublicKeyInfo
> >    in Figure 6.
> 
> I don't get the difference to be honest.

To my ear, the phrase "this value" in the sentence is strongly implied
*not* to be "the SubjectPublicKeyInfo".  It's hard to explain why, of
course, but it has something to do with the fact that if they were the
same, a separate noun phrase would not be needed, a simpler sentence
could be used to express the same meaning.

To avoid that effect, I would say:

    We derive the names shown in Figure 7 from the SubjectPublicKeyInfo
    in Figure 6.

or

    From the SubjectPublicKeyInfo in Figure 6, we derive the names
    shown in Figure 7.

Dale

v2.23.0 | Report a Bug | By Email