IETF Logo Mail Archive

Re: [mile] Artart last call review of draft-ietf-mile-rolie-10

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Thu, 19 October 2017 17:17 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DAC4A132E24; Thu, 19 Oct 2017 10:17:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5XsbuV5mbR2s; Thu, 19 Oct 2017 10:17:52 -0700 (PDT)
Received: from mail-pg0-x232.google.com (mail-pg0-x232.google.com [IPv6:2607:f8b0:400e:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C74D4132CE7; Thu, 19 Oct 2017 10:17:52 -0700 (PDT)
Received: by mail-pg0-x232.google.com with SMTP id m18so7709538pgd.13; Thu, 19 Oct 2017 10:17:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=azux2pCaohyrzsNJvbxlFrzj/mvxO6LrxE9Tu8DgyAo=; b=nYpegiO7BgdweqAaDvCLLexUqgEqrfK08cToiGRqdNzcAcyeMUxTK3Cm/1P6QQDHVf gVVlK+KEUZs3XNt5DPgzo/PRJFq9dBQiP2HqwL241PKRa4AqW5ObvmrdxJ+MRU4m4Ses PtjFTX5XdEzItJJHR/A/SnrL3/A3xUzkfd9thWzRZC/s17Jbxi1TcQgMW+6FuJhEVrtV tfbCJ0ORJWK6k4Yn4H2K2FMsXlR0ixpAW4GADjyOlNvZkppnm7wgT/FuA8o+zFrLCZ8Z 5ceIwao5/zSwpypWML4JZG+blLYlrfbmyFclR1EA2o2+aRdkwQLgEEVkPS4Y9T9imAPs jZNg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=azux2pCaohyrzsNJvbxlFrzj/mvxO6LrxE9Tu8DgyAo=; b=c5NV8S25KZun9X/uBHjUofa+QUkRXdOReO/eZkLxFjjouxSqFMBG8HOZIacpbkJzSB 94Xh4a1PPuZXPQw1vtqTTuKjdKth7aRRGgdy28pzdOwe9rrpfx9Uf532F/9JW9GBbBxy /grsVLsZs3bzb3Oo6xF66PUPNqilOKRuBUHEUZzK62IUIWGoPTlVssvmer3rggC/AEiy agUo3CZrjBFawyHQkq2MYmTAJoBQYQjl4qcVjipR9MlkHl6akD47JyA5FN60qBxyKQbM V60kOiRsH/7rRqOHvw05D/9QlXmv/3fb/UEU65jH/p8dwYhDbQqaVmtuJDYDtvChkxGE I4uw==
X-Gm-Message-State: AMCzsaVvTpaunD2icv6S8fqACgM9y3lhzhab1yNHnYvzZwTfVuOZX3gF /4+TVrMN84BEZdHDp+Vkojl5SK9bGL52lln9Iqc=
X-Google-Smtp-Source: ABhQp+SDVruZCEkVx5lhJC52eiMoxnL4pRgoUU9C+yHqpwUCiqhxCMhm7846oibb3kXmJnKysrvpoyyrnD+kXSsxVIc=
X-Received: by 10.98.33.15 with SMTP id h15mr2095062pfh.319.1508433472390; Thu, 19 Oct 2017 10:17:52 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.186.194 with HTTP; Thu, 19 Oct 2017 10:17:11 -0700 (PDT)
In-Reply-To: <DM5PR09MB13070FC0B54EB6DB8C707EE7F0420@DM5PR09MB1307.namprd09.prod.outlook.com>
References: <150752570618.18384.5615358468704377459@ietfa.amsl.com> <DM5PR09MB13070FC0B54EB6DB8C707EE7F0420@DM5PR09MB1307.namprd09.prod.outlook.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Thu, 19 Oct 2017 13:17:11 -0400
Message-ID: <CAHbuEH5PMrNLTbpxru=ks-JwcpzG3hABb39itZAWK+WQtr48eA@mail.gmail.com>
To: "Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov>
Cc: Martin Thomson <martin.thomson@gmail.com>, "mile@ietf.org" <mile@ietf.org>, "draft-ietf-mile-rolie.all@ietf.org" <draft-ietf-mile-rolie.all@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/qfOp6MPiLbMysX5KMFkNTRZb3sA>
Subject: Re: [mile] Artart last call review of draft-ietf-mile-rolie-10
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Oct 2017 17:17:55 -0000

Hi Stephen,

On Thu, Oct 19, 2017 at 12:24 PM, Banghart, Stephen A. (Fed)
<stephen.banghart@nist.gov> wrote:
> Martin,
>
> I've put the rest of my comments inline, and uploaded a -11 version of ROLIE to the Github with the changes. Providing there are no additional major comments I'll post this version to datatracker today.
>
> Thanks again for the great review,
> Stephen
>
>> -----Original Message-----
>> From: mile [mailto:mile-bounces@ietf.org] On Behalf Of Martin Thomson
>> Sent: Monday, October 09, 2017 1:08 AM
>> To: art@ietf.org
>> Cc: mile@ietf.org; ietf@ietf.org; draft-ietf-mile-rolie.all@ietf.org
>> Subject: [mile] Artart last call review of draft-ietf-mile-rolie-10
>>
>> Reviewer: Martin Thomson
>> Review result: Almost Ready
>>
>> I have reviewed this document, and - despite what appears to be a lengthy
>> list of issues - I think that it is in pretty good shape.  It's clear, readable, and
>> addresses the requirements well.  Most of my comments should be trivial to
>> resolve.
>>
>> Major:
>>
>> The decision to define a .well-known URI without a discovery story is - in my
>> opinion - inadvisable.  Such a registration is usually appropriate if you design a
>> protocol that depends on discovery by hostname and port.  As such, this
>> does not use that at all.  A configuration system can (and should) accept a
>> complete URI for the service endpoint.  It would be better to defer creation
>> of yet another .well-known URI registration until the working group is certain
>> that discovery requires it.
>
> Discussed in a separate thread.
>
>> The same comment applies to the .well-known resource for the category
>> document.
>>  Given that this sort of document is readily discoverable via the service
>> document, I would say that the need for a .well-known resource is less well-
>> justified than the service document.
>
> We agree, removed the registration for the category document location.
>
>> The requirements in Section 5.3 on TLS use are unnecessarily strict.  It's great
>> to recommend the use of TLS 1.2, but given that the document has no real
>> requirement on any particular version of TLS, the use of "MUST" here is not
>> needed.  Similarly, the prohibition on the use of 0-RTT is groundless.  The
>> lengthy list of requirements around certificate validation only risk creating a
>> conflict with advice in other RFCs.  Many, if not all, of these requirements are
>> transitively included by way of referencing HTTPS documents.  I would prefer
>> to see this entire section reduced to a simple RFC 7525 reference.
>
> The majority of the section has been reduced to a RFC 7525 reference. We believe that the benefits provided by 0-RTT don't outweigh the loss of forward secrecy. The text currently places this as a suggestion from the authors, and not a normative requirement.

This is a substantial change as a result of just one reviewer.  The
only thing the MUST does is hold up final publication until an RFC #
is assigned for TLS 1.3.  TLS 1.3 shouldn't be too far off, so waiting
may be worth having the normative language.  I think this is one the
WG needs to weigh in on to change and tradeoffs of waiting for final
publication.  It's not just the editors that recommend this, I do as
am sure others do as well.

Best regards,
Kathleen
>
>> User authentication is under-specified.
>
> As any repository using user authentication is already inherently pre-communicating with its consumers, we felt that underspecifying authentication mechanisms allowed for each sharing consortium to control their own repositories. Whatever system they are using already for internal/external sharing authentication can be used here as long as it meets the ROLIE requirements.
>
>> * Section 5.3 mandates the use of TLS cipher suites that support client
>> authentication using certificates, but offers no further advice.  Aside from
>> being an unnecessary requirement - cipher suites that support certificate-
>> based authentication of servers all allow for client authentication - this sort of
>> requirement is rarely sufficient for interoperation.  For instance, you need to
>> specify how a server will request a certificate such that clients can select the
>> correct certificate.  If a client and server have agreed to share information on
>> terms that rely on authentication of clients, it is better for those peers to
>> arrange the terms on which they will authenticate.
>
> Removed cipher suite text as these recommendations are provided by RFC 7525.
>
>> * Section 5.4 uses "SHOULD" regarding client authentication using federation,
>> but offers no hints about what this entails.  It also uses "SHOULD" regarding
>> authorization checks, which isn't an interoperability requirement.  It's more
>> of a "don't be silly" type of requirement, which doesn't need to be written
>> down in an RFC.
>
> While its true that this is a "don't do anything stupid" requirement, I think that its valuable as a reminder that the authorization checks need to support full granularity through the entire resource tree.
>
>> Section 5.5 prohibits the use of GET on "/".  This prohibits use of the resource
>> for other purposes.  It seems reasonable to accept POST messages as
>> defined in RFC 6546, but this requirement is overly strict (and further
>> entrenches the violation of RFC 7320).  If, for instance, the server operator
>> wishes to provide HTML in response to a GET request to "/", this would
>> prohibit that.  The requirement to return 404 if RFC 6546 is not supported is
>> worse; not supporting RFC 6546 might be a choice that a deployment makes
>> to avoid the need to reserve "/" for that protocol.
>
> Cleaned up the text describing this requirement to be more clear that they only trigger when an implementation has decided to support RFC 6546. Removed the 404 requirement when not supporting RFC6546, as I agree that it was overly restrictive.
>
>> In Section 6.2.3, what is the advantage of "rolie:format" over having a well-
>> defined media type?  Media types can take advantage of content
>> negotiation, existing support in link relations, and other existing tools



-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email