IETF Logo Mail Archive

Re: [mile] Artart last call review of draft-ietf-mile-rolie-10

Martin Thomson <martin.thomson@gmail.com> Thu, 02 November 2017 22:28 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: mile@ietfa.amsl.com
Delivered-To: mile@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6F6113FA0F; Thu, 2 Nov 2017 15:28:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2ztOe6tIpYvA; Thu, 2 Nov 2017 15:28:45 -0700 (PDT)
Received: from mail-ot0-x22d.google.com (mail-ot0-x22d.google.com [IPv6:2607:f8b0:4003:c0f::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DED7D13F6B4; Thu, 2 Nov 2017 15:28:44 -0700 (PDT)
Received: by mail-ot0-x22d.google.com with SMTP id s88so924615ota.4; Thu, 02 Nov 2017 15:28:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=DgJgIZg1zY4+B45tLXvt4MJOjKjwEhbnijZy83l95nw=; b=AdDLSiPRLksNZi47+f6+LrrEqOd0qxPwyeFl0JJmD5xH+uT8Bm49nYgXi4q7d2KQ9X NPIWtrGcL9u4Rap+5eVh9zR7cfa0CqAUu7IBU79AhgL54xeT67Yr3HEscHOIbN3Sa1WK Qksx2FZdA2MK4ILpU8gOwzhiSbHmRn0e6d0+Ahj8MKHNHTYfetwFJa8suancNRlOerS2 Ycl1AjhPdzo/2rPb9+ETBi06iFxW4NMFWTqK5Yfe/heRfRTNNkuWbxYK1etl4wKFpdqg Xt1h8QHh/m0BGT0ZMH3Mv259Stl2ucW4ED9rXkOo2E3S5asaSpXZWpCpV4Nsxhj5/15Z +Jvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=DgJgIZg1zY4+B45tLXvt4MJOjKjwEhbnijZy83l95nw=; b=RKk+2cnglASVkpf22HP1NgyZcUKE1WGAQFXsdJ7M2b10gJogGWu1Ly9uQUfgGe6INX yeIgMtEAnpgPlOoF+DiaVUY4tsX3DOEgtIkwhEhLviWqiHbJC9GqSvSkiR2KRyQSc9/O /iuez0NHbLZbXAJBzrG03OY00/5HupWq3IHVAq41kFFL2zwG+gpEbGEbMVeeJE3MMuKd VueNW0WUox/RxsHLngleDehfnleW1aE4katWPEoaqdAFSF/EES4vbUaDKjbWYyNCRWiQ ek09t8sWnktoQBEreIDRcFdvgqQeltzS+UQeCV35qej97N5SF5ocKOWalqdmKV/SU9s4 mzOA==
X-Gm-Message-State: AJaThX6GdIQYbB0q1N3InBQmVw0hKSYomOJ9KUGeTwbG88mDVNwsKyEO ECUKLe11HG0PNtZqeV6rC7h1fjqzjuBxo15jxIM=
X-Google-Smtp-Source: ABhQp+TAD2ZUaxwdv/N31FWOUX0GEKUHxBtxV2zk652zvZByVJehwWhs0CI66YPPX0K0X587VRwk8IGBXZyurS7m42c=
X-Received: by 10.157.37.90 with SMTP id j26mr3548001otd.401.1509661724022; Thu, 02 Nov 2017 15:28:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.157.72.178 with HTTP; Thu, 2 Nov 2017 15:28:43 -0700 (PDT)
In-Reply-To: <CABkgnnX5NVZgYtOWYMgD5yEOmdnk2GEZuyR2OLNDwbTO-BytAw@mail.gmail.com>
References: <150752570618.18384.5615358468704377459@ietfa.amsl.com> <DM5PR09MB13070FC0B54EB6DB8C707EE7F0420@DM5PR09MB1307.namprd09.prod.outlook.com> <CABkgnnX5NVZgYtOWYMgD5yEOmdnk2GEZuyR2OLNDwbTO-BytAw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 03 Nov 2017 09:28:43 +1100
Message-ID: <CABkgnnWhtGJG9Td4-9Rhv--F9pTCdnOAiRBtXL8hW8LJoOugkQ@mail.gmail.com>
To: "Banghart, Stephen A. (Fed)" <stephen.banghart@nist.gov>
Cc: "mile@ietf.org" <mile@ietf.org>, "draft-ietf-mile-rolie.all@ietf.org" <draft-ietf-mile-rolie.all@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/mile/wZwNdhtYouhXVa2M3ZCJddtPnaI>
Subject: Re: [mile] Artart last call review of draft-ietf-mile-rolie-10
X-BeenThere: mile@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Managed Incident Lightweight Exchange, IODEF extensions and RID exchanges" <mile.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mile>, <mailto:mile-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mile/>
List-Post: <mailto:mile@ietf.org>
List-Help: <mailto:mile-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mile>, <mailto:mile-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Nov 2017 22:28:47 -0000

I just wanted to follow up on this.  I see that the draft has been
revised a few times, but I haven't seen any response to my comments
about the XML, or any changes related to them.

I ask, because IANA is asking about the XML registrations.  If the
working group consensus is that I'm in the rough, let me know and I'll
tell IANA that the schema is good to go.

On Fri, Oct 20, 2017 at 10:53 AM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> Thanks Stephen,
>
> Most of this looks good (I'll trust that your representation of the
> changes is accurate rather than wade through XML, though I have
> reviewed some of the changes).
>
> On Fri, Oct 20, 2017 at 3:24 AM, Banghart, Stephen A. (Fed)
> <stephen.banghart@nist.gov> wrote:
>>> The requirements in Section 5.3 on TLS use are unnecessarily strict.  It's great
>>> to recommend the use of TLS 1.2, but given that the document has no real
>>> requirement on any particular version of TLS, the use of "MUST" here is not
>>> needed.  Similarly, the prohibition on the use of 0-RTT is groundless.  The
>>> lengthy list of requirements around certificate validation only risk creating a
>>> conflict with advice in other RFCs.  Many, if not all, of these requirements are
>>> transitively included by way of referencing HTTPS documents.  I would prefer
>>> to see this entire section reduced to a simple RFC 7525 reference.
>>
>> The majority of the section has been reduced to a RFC 7525 reference. We believe that the benefits provided by 0-RTT don't outweigh the loss of forward secrecy. The text currently places this as a suggestion from the authors, and not a normative requirement.
>
> I'm going to push on this one more time.  0-RTT does not necessarily
> compromise forward secrecy.  It is also entirely possible to deploy
> 0-RTT without risk of replay attack.  But these facts don't seem
> persuasive because it is possible to implement the feature with these
> risks.
>
> The text you provide indicates that it is replay you are concerned
> about.  Do you have any analysis that indicates that someone deploying
> a server that enables early data would produce harm?  Does that
> analysis suggest any other alternative mitigation strategies?
>
> Again, I would prefer that the draft remain silent on this subject.  I
> realize that I'm in the rough here, but I consider this to be a test
> case for this.  The next person who uses HTTP will see your text,
> notice that it is good, and copy it.  It becomes precedent to forbid
> the use of 0-RTT and we forget *why*.  I would prefer that this text
> be better motivated if it is included.
>
>>> User authentication is under-specified.
>
> The new text is much more concise and targeted, thank you.
>
>>> In Section 6.2.3, what is the advantage of "rolie:format" over having a well-
>>> defined media type?  Media types can take advantage of content
>>> negotiation, existing support in link relations, and other existing tools.
>>> This rolie:format element has namespace, format, and schema; these are not
>>> useful to anyone that is ignorant of their contents.  The only advantage I see
>>> is that syntax might be validated, but semantics can't be extracted.  There's a
>>> lot of implied work in adding this element, but that doesn't seem to be
>>> justified by that advantage.  (I see that RFC 7970 doesn't define a media type,
>>> but it seems like it would be easier to correct that than to define an element
>>> like this.)
>>
>> Atom:content has an attribute for media type, which provides information about the serialization of the content representation. In many cases, we found that different formats can appear for the same content within the same media type. For example, the same piece of information may be represented using two different XML Schemas. The rolie:format element allows the entry to clarify which "format" its using beyond which serialization it is using. Ultimately the format element is not registered anywhere, nor is its contents particularly standardized. We're providing the element as a tool for repository producers to use.
>
> This is, at least in my opinion, a mistake.  It creates another layer
> of content negotiation that is not visible to HTTP.  If the same
> information can be presented in two different formats, why is it not
> possible to have two media types?  Or at least a parameterized media
> type that identifies the format.
>
> The problem with defining elements is that they are costly.  Not so
> much to specify, but to implement correctly.  If you are able to rely
> on existing mechanisms, you should do that as much as possible.
>
> It doesn't sound like you have a concrete use case for this, which
> makes me nervous.
>
>>> Section 6.2.4 defines a generic key-value mechanism.  But that is something
>>> that XML is actually good at.  Why can't users that require additional
>>> metadata use additional metadata as originally defined by Atom?  That is,
>>> replace <rolie:property name="urn:ietf:params:rolie:property:csirt-iodef-id"
>>> value="12345"/> with something like
>>> <rolie:csirt-iodef-id>12345</rolie:csirt-iodef-id>.  The final paragraph of the
>>> section recognizes this possibility.
>>
>> The latter example you provide is still possible, as unrecognized elements in ROLIE/Atom don't cause validation to fail, but are just potentially ignored by the client/server. The rolie:property element allows automated systems to have a globally available "vocabulary" of potentially available properties, that can be used to populate tables or fields in automated systems.
>
> I realize that the set of attributes you have might be useful in this
> context.  But defining them in XML would be much easier.  You don't
> create a new mechanism for expressing key-value pairs, and the
> registry that goes with it.  That seems like a minor cost, but like in
> the previous case, the choice to define another bespoke mechanism
> comes with hidden costs.  Why bother when you have a perfectly
> workable mechanism available to you already?
>
>>> Question: it's fairly widely accepted that use of IRIs in Atom has been less
>>> than successful.  Do you want to mandate use of URIs instead?  This would
>>> apply to both link relations and the "src" attribute.
>>
>> We wanted to stay in line with the requirements in Atom, if this becomes an issue it may be worth re-examining.
>
> This is your chance.  You don't get to go back or re-examine once your
> protocol is widely deployed.

v2.23.0 | Report a Bug | By Email