Re: [Last-Call] Artart telechat review of draft-ietf-oauth-step-up-authn-challenge-13

Brian Campbell <bcampbell@pingidentity.com> Wed, 22 March 2023 21:41 UTC

References: <167934036701.34178.13686106848687201413@ietfa.amsl.com>
In-Reply-To: <167934036701.34178.13686106848687201413@ietfa.amsl.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Wed, 22 Mar 2023 15:41:01 -0600
Message-ID: <CA+k3eCQ5UNZ49A5q2nMCa47UvbseTMbkstfR_W6vPP62SUrC2w@mail.gmail.com>
To: Robert Sparks <rjsparks@nostrum.com>
Cc: art@ietf.org, draft-ietf-oauth-step-up-authn-challenge.all@ietf.org, last-call@ietf.org, oauth@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/iYxTBceDklwVPBSUsAJhPyWzR0g>
Subject: Re: [Last-Call] Artart telechat review of draft-ietf-oauth-step-up-authn-challenge-13

Hi Robert,

I think Vittorio is off-site/out-of-office this week so he's unlikely to be
able to reply anytime soon. In the meantime, however, I wanted to note that
he did add some more explanatory/clarifying text around levels and caching
to the document in -11
<https://author-tools.ietf.org/iddiff?url1=draft-ietf-oauth-step-up-authn-challenge-10&url2=draft-ietf-oauth-step-up-authn-challenge-11&difftype=--htm>
following Roman's AD review and subsequent discussions (doc history for
that revision has 'Updates in the Protocol Overview section clarifying the
nature of "authentication levels" and caching strategies, addressing AD
review comments'). It's subjective, of course, but we do believe the
document sufficiently discusses the concepts for the expected/intended
audience.

On Mon, Mar 20, 2023 at 1:26 PM Robert Sparks via Datatracker <
noreply@ietf.org> wrote:

> Reviewer: Robert Sparks
> Review result: Ready with Issues
>
> Summary: essentially ready but with issues to consider before being
> published as a proposed standard RFC.
>
> Thanks for addressing the nit from my previous review.
>
> I am not convinced that the document doesn't need more discussion around
> the points I raised as issues in my previous review. See
> https://mailarchive.ietf.org/arch/msg/last-call/Ragwzpjm_58ydcr5VHqOyrmfw5I/ .
>
> I fully understand that you can't completely specify behavior, but your
> explanations in your response to Roman, and the refinement in the response
> to me really belong in the draft.
