Re: [Int-area] Alexey Melnikov's No Objection on draft-ietf-intarea-provisioning-domains-10: (with COMMENT)
Tommy Pauly <tpauly@apple.com> Wed, 22 January 2020 16:51 UTC
Sender: tpauly@apple.com
From: Tommy Pauly <tpauly@apple.com>
Message-id: <FCFFB9DA-52E6-4CBC-ABBA-30B60C4C958F@apple.com>
Date: Wed, 22 Jan 2020 08:51:27 -0800
In-reply-to: <157927564324.20257.6910251491259534334.idtracker@ietfa.amsl.com>
Cc: The IESG <iesg@ietf.org>, ek@loon.com, draft-ietf-intarea-provisioning-domains@ietf.org, int-area@ietf.org, intarea-chairs@ietf.org
To: Alexey Melnikov <aamelnikov@fastmail.fm>
References: <157927564324.20257.6910251491259534334.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/r0UdG4u80ISJltp4FSeV7yLIh3o>
Hi Alexey,

Thanks very much for the review! I'm keeping pending changes available here, to be published after the telechat: https://github.com/IPv6-mPvD/mpvd-ietf-drafts/pull/25

I've updated the text to reference a DNS-ID in the cert, and not imply that there is only one such name:

    ... (e.g., that a DNS-ID {{?RFC6125}} on the certificate is equal to the PvD ID expressed as an FQDN)

I've also added a reference to HTTP/2 and mentioned that the example is using the HTTP/2 syntax:

    The following example shows a GET request that the host sends, in HTTP/2 syntax {{?RFC7540}}:

Thanks,
Tommy

> On Jan 17, 2020, at 7:40 AM, Alexey Melnikov via Datatracker <noreply@ietf.org> wrote:
>
> Alexey Melnikov has entered the following ballot position for
> draft-ietf-intarea-provisioning-domains-10: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-intarea-provisioning-domains/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> This is a well written document, but I have a small set of issues I would like
> to discuss:
>
> 4.4. Detecting misconfiguration and misuse
>
>    When a host retrieves the PvD Additional Information, it MUST verify
>    that the TLS server certificate is valid for the performed request
>    (e.g., that the Subject Alternative Name is equal to the PvD ID
>    expressed as an FQDN).
>
> The last sentence is not right: you should say “one of Subject Alternative
> Names is equal to ...” because a server certificate can have multiple Subject
> Alternative Names.
>
> 5.4. Providing Additional Information to PvD-Aware Hosts
>
> This section is using HTTP/2 syntax for requests and responses, but HTTP 2 RFC
> is not listed as a reference.
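An added illustration of the point discussed in this exchange (example code written for this page, not the draft's text or any implementation by the authors): a host-side name check that accepts the certificate when any DNS-ID in subjectAltName equals the PvD ID FQDN, shown beside the narrower check the original wording implied. It assumes the certificate arrives in the dict shape Python's ssl.SSLSocket.getpeercert() returns, that chain validation (trust anchor, expiry, revocation) has already been done by the TLS stack, and that wildcard DNS-IDs should not match a specific PvD ID; the sample certificates are constructed, not real.

```python
# Added example for the PvD Additional Information certificate check.
# Input shape assumption: the dict returned by ssl.SSLSocket.getpeercert(),
# e.g. {"subjectAltName": (("DNS", "a.example"), ("DNS", "b.example"))}.

def _normalize(name: str) -> str:
    # DNS names compare case-insensitively and a trailing dot is not significant.
    return name.rstrip(".").lower()

def dns_ids(cert: dict) -> list[str]:
    """Every DNS-ID (dNSName subjectAltName entry) in the certificate."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def naive_first_san_only(cert: dict, pvd_id: str) -> bool:
    """What 'the Subject Alternative Name is equal to' reads as: compare only
    the first SAN. A legitimate multi-name certificate is rejected when the
    PvD name is not listed first."""
    ids = dns_ids(cert)
    return bool(ids) and _normalize(ids[0]) == _normalize(pvd_id)

def cert_valid_for_pvd(cert: dict, pvd_id: str) -> bool:
    """Accept if any DNS-ID equals the PvD ID FQDN (exact match).

    Only subjectAltName DNS entries are consulted, per RFC 6125's preference
    for DNS-IDs over the subject Common Name. Wildcard DNS-IDs are not
    matched here (an assumption of this example): a PvD ID names one host."""
    target = _normalize(pvd_id)
    return any(
        _normalize(candidate) == target
        for candidate in dns_ids(cert)
        if not candidate.startswith("*.")
    )

# Constructed sample certificate dicts (not real certificates).
MULTI_SAN_CERT = {
    "subject": ((("commonName", "www.example.net"),),),
    "subjectAltName": (("DNS", "www.example.net"), ("DNS", "pvd.example.net")),
}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.net"),)}
CN_ONLY_CERT = {"subject": ((("commonName", "pvd.example.net"),),)}

if __name__ == "__main__":
    print("naive, multi-SAN:", naive_first_san_only(MULTI_SAN_CERT, "pvd.example.net"))
    print("any DNS-ID, multi-SAN:", cert_valid_for_pvd(MULTI_SAN_CERT, "pvd.example.net"))
    print("wildcard only:", cert_valid_for_pvd(WILDCARD_CERT, "pvd.example.net"))
    print("CN only, no SAN:", cert_valid_for_pvd(CN_ONLY_CERT, "pvd.example.net"))
```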