[Last-Call] Opsdir last call review of draft-hodges-webauthn-registries-05
Sarah Banks via Datatracker <noreply@ietf.org> Tue, 28 April 2020 17:41 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: last-call@ietf.org
Delivered-To: last-call@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 11BBE3A0C75; Tue, 28 Apr 2020 10:41:39 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Sarah Banks via Datatracker <noreply@ietf.org>
To: ops-dir@ietf.org
Cc: last-call@ietf.org, draft-hodges-webauthn-registries.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.128.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <158809569895.24036.8131068505152887145@ietfa.amsl.com>
Reply-To: Sarah Banks <sbanks@encrypted.net>
Date: Tue, 28 Apr 2020 10:41:39 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/YYMlKTL1sWKQwLhjJC5sl4p2Vuk>
Subject: [Last-Call] Opsdir last call review of draft-hodges-webauthn-registries-05
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.29
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Apr 2020 17:41:39 -0000
Reviewer: Sarah Banks Review result: Has Issues Hello, I too share the concerns the GENART reviewer does. In addition, a few things: 1. As a personal nit, I'm slightly annoyed as a reader that the draft defines the registries, but another doc has the default values. Just ann FYI, and I realize this is a style choice. 2. In section 2.1, it states: "Each attestation statement format identifier added to this registry MUST be unique amongst the set of registered attestation statement format identifiers.", and that they are case sensitive. Did you really intend to allow a conceptual overload where a string of "string" and "STRING" would be allowed? 3. In a few spots it's written (see 2.2.2 for example): " As noted in Section 2.2.1, WebAuthn extension identifiers are registered using the Specification Required policy, implying review and approval by a designated expert.". Implied doesn't seem to be normative. Given the follow on text here, did you explictly NOT want to make this a normative requirement? Thanks, Sarah
- [Last-Call] Opsdir last call review of draft-hodg… Sarah Banks via Datatracker
- Re: [Last-Call] Opsdir last call review of draft-… Benjamin Kaduk
- Re: [Last-Call] Opsdir last call review of draft-… Mike Jones