IETF Logo Mail Archive

Re: [mile] Working group last call for ROLIE

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Wed, 05 April 2017 14:30 UTC

Return-Path: <pkampana@cisco.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E218129420 for <mile@ietfa.amsl.com>; Wed, 5 Apr 2017 07:30:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -13.397
X-Spam-Level:
X-Spam-Status: No, score=-13.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTP_ESCAPED_HOST=1.125, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bMwVpzF5kG06 for <mile@ietfa.amsl.com>; Wed, 5 Apr 2017 07:30:41 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 871CF128854 for <mile@ietf.org>; Wed, 5 Apr 2017 07:30:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=30124; q=dns/txt; s=iport; t=1491402640; x=1492612240; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=LGBNMA6t5o5BVI7t7JFQVMNA0IcQq558SO4yn/U4vYs=; b=N4vTH/PQnZ8WRoNdXFAAOCWWKmjWXjT+jI/jo5Dx2buCBcJhzOXslRNo dxXKgM+s+7OcwunnKv7Awql21daUznT7uyiRULW147+WdOL/g+vPYZkKn oJz3JRzOVbl5imhW2bSaz5CsyITzFRiG3WpfopOzoXTkf1ME95XbxIDqe 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BoAQDt/uRY/4wNJK1cGQEBAQEBAQEBAQEBBwEBAQEBgm5mYYELB4NcihKRPJVVgg4qhB6BWgIagzM/GAECAQEBAQEBAWsohRUBAQEBAx0GClwCAQYCEQQBASEHAwICAjAUCQgCBAESCA6JeA6Ncp1cgiYrikIBAQEBAQEBAQEBAQEBAQEBAQEBAQEYBYZOhHCEQEyCUIJfBYksk0QBhn2DKoghggaBYINOg1mGOJN1AR84gQVbFYRhOR2BY3UBiDsBgQwBAQE
X-IronPort-AV: E=Sophos;i="5.36,278,1486425600"; d="scan'208,217";a="407966025"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 05 Apr 2017 14:30:39 +0000
Received: from XCH-ALN-012.cisco.com (xch-aln-012.cisco.com [173.36.7.22]) by alln-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id v35EUduu018208 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL) for <mile@ietf.org>; Wed, 5 Apr 2017 14:30:39 GMT
Received: from xch-aln-010.cisco.com (173.36.7.20) by XCH-ALN-012.cisco.com (173.36.7.22) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 5 Apr 2017 09:30:38 -0500
Received: from xch-aln-010.cisco.com ([173.36.7.20]) by XCH-ALN-010.cisco.com ([173.36.7.20]) with mapi id 15.00.1210.000; Wed, 5 Apr 2017 09:30:38 -0500
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "mile@ietf.org" <mile@ietf.org>
Thread-Topic: Working group last call for ROLIE
Thread-Index: AQHSqBrX3wNPiZjeRUuG2OC1scqiSqGtfp7Q
Date: Wed, 05 Apr 2017 14:30:38 +0000
Message-ID: <59aeb29289274c4889f6e6ea9adaaa1a@XCH-ALN-010.cisco.com>
References: <CC7AB8C2-66EC-4B75-9CFA-F9A1D7A9C46D@cisco.com>
In-Reply-To: <CC7AB8C2-66EC-4B75-9CFA-F9A1D7A9C46D@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [64.102.61.63]
Content-Type: multipart/alternative; boundary="_000_59aeb29289274c4889f6e6ea9adaaa1aXCHALN010ciscocom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/UHGeOMXt26DFLZ-SMznHs4mlFio>
Subject: Re: [mile] Working group last call for ROLIE
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Apr 2017 14:30:44 -0000

Hello,

I did a final pass. The doc looks good. I think it is almost ready for publication.

I had some last minor suggestions, nits below:

·        s/MUST publish an Category Document that/MUST publish a Category Document that

·        s/URL of the appropriate RID endpoint /URL of the appropriate ROLIE endpoint

·        Section 7.4 mentions “In order to provide a global reference for these properties, this document establishes an IANA registry in Section 7.4<https://tools.ietf.org/html/draft-ietf-mile-rolie-06#section-7.4>”. So you are referring to the section in the section itself.

·        We should have caught this earlier, but there is something that came up in the ACE group multiple times: When using fixed URIs we should put them under the .well-known directory according to https://tools.ietf.org/html/rfc5785. So for every https://{host:port}/rollie/<https://%7bhost:port%7d/rollie/>... it should be https://{host:port}/.well-known/rolie/...

·        “for use in a ROLIE Any element not specified here inherits its definition and requirements” does not read well. I think it should be two sentences.

·        “An atom:feed may include additional atom:category elements using a” should be a “MAY” instead of  “may” right?

·        In 6.2.3, the paragraph “or example, the nominal element <rolie:format ns="urn:ietf:params:xml:ns:iodef-2.0"…” should be moved one paragraph above with the paragraph that talks about schema-location

·        About “The server MUST support certificate-based client authentication.” and the last paragraph n section 5.3, I can see usecases where the client does not need to be authenticated when the security information to be shared is public and does not contain any confidential info. Would it be worth to state “In usecases where client authentication is required to access the shared information use TLS client certs”? Also, mandating client cert auth is slightly aggressive. There might be usecases where HTTP Basic or Digest authentication/authorization (described in Section 5.4) would be sufficient. Would it be worth to make TLS client certs a SHOULD.

·        In section 5.3, RFC5280 is referenced. Section 6.3 explains how CRL revocation checks are performed. Even though the draft deals with CRLs it explains that the revocation status can be checked with other methodologies. I am suggesting to spell out in section 5.3 that CRL or OCSP/OCSP stapling are both acceptable for verification of revocation status.

·        In section 5.4, “Implementations MUST support user authentication.  User authentication MAY be enabled for specific Feeds.” Is slightly confusing. User auth is mandatory and the it is a MAY for Feeds? It is worth to rephrase it more clearly.

·        Make sure to remove the paragraph with “[TO BE REMOVED:” in section 8.3.

·        In section 9, “public education may choose to rely upon HTTP Authentication or similar”, I would suggest to reconsider, as I mention above, if authentication is necessary for public information that can be shared openly.

Rgs,
Panos


From: mile [mailto:mile-bounces@ietf.org] On Behalf Of Nancy Cam-Winget (ncamwing)
Sent: Tuesday, March 28, 2017 7:27 PM
To: mile@ietf.org
Subject: [mile] Working group last call for ROLIE

Colleagues,

Given the significant changes made to the last draft, we are doing another 30day WGLC for
https://tools.ietf.org/html/draft-ietf-mile-rolie-06

Please provide comments before May 1st and provide your support and/ or raise any issue you feel are yet to be addressed.

Regards, Nancy

v2.23.0 | Report a Bug | By Email