Re: Genart last call review of draft-ietf-httpbis-expect-ct-07
Emily Stark <estark@google.com> Tue, 06 November 2018 17:22 UTC
Return-Path: <estark@google.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFEDB12F1AB for <ietf@ietfa.amsl.com>; Tue, 6 Nov 2018 09:22:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.5
X-Spam-Level:
X-Spam-Status: No, score=-17.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7XaorBkkls_h for <ietf@ietfa.amsl.com>; Tue, 6 Nov 2018 09:22:09 -0800 (PST)
Received: from mail-yw1-xc29.google.com (mail-yw1-xc29.google.com [IPv6:2607:f8b0:4864:20::c29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C72C212F1A5 for <ietf@ietf.org>; Tue, 6 Nov 2018 09:22:08 -0800 (PST)
Received: by mail-yw1-xc29.google.com with SMTP id k6-v6so5442928ywa.11 for <ietf@ietf.org>; Tue, 06 Nov 2018 09:22:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ScTxqGZc1RmJjWvl1la0cgj/fCoR1aMKtiMAxJUfjPs=; b=QHftJgLxPxMsZXTUR/gcALaZWubuD6ryi86XTz9/2tjoVAimIU2zw1ZcuPgi74Qvc7 CrtsGxeUbrNtIc92F7Z4ii3sE5d1yWRYiFhBvjd7nQRQS8sM3RYNEUA+SmPb4eaFY0XP yvKHmNuZCi3ghewWkhmYPZXtOYszMU6otmNuSq/6spiMTE0GEl96/L41alFqyUy5CMkj h2I6ySL6TGpqcqvA2EV2ADHZ3yVXgWnUWqaF/wVNbHpirmU9nR1x7IWsdk/+Rcyv03kA aszvxFHFg8O765aO+4soDSM1zTKI6GJLRPEL+G4cYMTBBkGs5mbw6kTbgRGj/IVdRA62 sOeQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ScTxqGZc1RmJjWvl1la0cgj/fCoR1aMKtiMAxJUfjPs=; b=NzQHtXI9tEgPYUyB1vIByPRtKcDkGWKBSEaK0vjRFzImlm7ANYb/lthjK4SSn6znt8 emLya+G842dFeUJWdFPf1LXefuBwWp+d8jq+Ep2mCLq44uGV9wktlMbciPk0PHg751Bk dLpVrUsT3xuaYOevYQy4Zz8ojbCrscDI0xU7YVORacbQNAenivwaX8EjyZG66mjUvJV+ 5P1FtMgq10OOGKOI5mL/fP2QKGupTSEsE2lGj+kXYR+M5t1KrwbyMc+0eQRbgGi1KWKe iSMdWnvN+AnfeWWYfVsiwWH0ixHIxv4wbH7VDJnc6m7U7exEagE93gmqbSp2PToavzTV EERg==
X-Gm-Message-State: AGRZ1gLYoDNKnbZXgID5k7dO06LjTOxHw/XInVvnM3XhoV/2me/QUAzA 4EAwPfNLmpJUqJYJBvG4NxN2ZNBzCpg6uvDgTBw8pA==
X-Google-Smtp-Source: AJdET5f1ZINh2nV3F58h5XDbHH7ZwqBwUqKQwZ9+5VCcC3QErjcTc/fUmC2Z154xRXoCag967iSPhgCJfeMxVoPI+04=
X-Received: by 2002:a0d:f1c4:: with SMTP id a187-v6mr1637705ywf.482.1541524927735; Tue, 06 Nov 2018 09:22:07 -0800 (PST)
MIME-Version: 1.0
References: <153373436209.6619.4659166145359716789@ietfa.amsl.com>
In-Reply-To: <153373436209.6619.4659166145359716789@ietfa.amsl.com>
From: Emily Stark <estark@google.com>
Date: Tue, 06 Nov 2018 09:21:55 -0800
Message-ID: <CAPP_2SabH04hizmJu-tABDnZkot3MJE+cqPo7bdqsqe9h4P0Cw@mail.gmail.com>
Subject: Re: Genart last call review of draft-ietf-httpbis-expect-ct-07
To: vijay.gurbani@nokia.com
Cc: gen-art@ietf.org, draft-ietf-httpbis-expect-ct.all@ietf.org, ietf@ietf.org, httpbis <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="000000000000bb5236057a023dd2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/lvg5ZdXgYhozz5nNK1RaZblGd_4>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Nov 2018 17:22:12 -0000
Thanks for the comments! I've addressed these in https://github.com/httpwg/http-extensions/commit/98ba23ab8c7435f46f5e677cbea54cc215e07d24 (with some replies inline). On Fri, Aug 31, 2018 at 8:53 AM Vijay Gurbani <vijay.gurbani@nokia.com> wrote: > Review result: Ready with Nits > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please treat these comments just > like any other last call comments. > > For more information, please see the FAQ at > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > > Document: draft-ietf-httpbis-expect-ct-?? > Reviewer: Vijay K. Gurbani > Review Date: 2018-08-08 > IETF LC End Date: 2018-08-14 > IESG Telechat date: Not scheduled for a telechat > > Summary: Ready with nits. > > Major issues: 0 > > Minor issues: 4 > > Nits/editorial comments: 3 > > Minor: > 1/ S1, s/future/subsequent/ > > 2/ S2.1, list item 4: "UAs must not attempt to fix" --> any reason "must > not" > is not normative? (Okay to leave it like this, I am just curious as to > why not simply make it normative.) > This was already fixed in a previous editor's draft. > > 3/ S2.3.2.1: Why the qualification "error-free TLS conection"? Does that > imply that other TLS connections are error-prone? I suspect that the > "error-free" qualifier to the "TLS connection" has to do with the > validation in S2.4 (as indicated by the text in brackets). If so, then > perhaps this is better stated as "Upon receipt of the Expect-CT response > header field over a TLS connection validated as described in Section 2.4, > the UA ..." > > "Error-free" here is meant to refer to RFC 5280 certificate chain validation as well as any other validation that UAs apply to TLS connections, in addition to the validation described in Section 2.4. I've added a parenthetical to clarify that. > 4/ S7: Does it make sense to enumerate one or more means on how UAs > should explain the reason? A specific HTTP header? JSON body? May > help doing so for the sake of being explicit while designing protocols, > and perhaps it can help interoperability. > This is meant to be end-user-facing, e.g. a certificate error page in a web browser, which I've tried to clarify in the text. > > Nits: > 1/ Abstract: either one of the following substitutions will work better: > s/header field, named Expect-CT, that/header field named Expect-CT, which/ > s/header field, named Expect-CT, that/header field, Expect-CT, which/ > > (There are other examples like this that should be edited. > Another one appears in S2.3.2: "If the UA receives, over a secure > transport, > an HTTP response that includes ..." => this can be better worded as "If > the UA receives an HTTP response over a secure transport that includes > ...") > > 2/ S2.1: list item 4: s/value data, that/value data that/ > > 3/ S4: s/could themselves only cure/can mitigate/ > > > > > > >
- Genart last call review of draft-ietf-httpbis-exp… Vijay Gurbani
- Re: Genart last call review of draft-ietf-httpbis… Emily Stark