Re: [nfsv4] Barry Leiba's Discuss on draft-ietf-nfsv4-lfs-registry-04: (with DISCUSS and COMMENT)
Tom Haynes <thomas.haynes@primarydata.com> Thu, 09 April 2015 00:41 UTC
Return-Path: <thomas.haynes@primarydata.com>
X-Original-To: nfsv4@ietfa.amsl.com
Delivered-To: nfsv4@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A87821AC3D8 for <nfsv4@ietfa.amsl.com>; Wed, 8 Apr 2015 17:41:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9vGMQB_YfI3z for <nfsv4@ietfa.amsl.com>; Wed, 8 Apr 2015 17:41:32 -0700 (PDT)
Received: from mail-pd0-f172.google.com (mail-pd0-f172.google.com [209.85.192.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 77E1A1AC3EC for <nfsv4@ietf.org>; Wed, 8 Apr 2015 17:41:26 -0700 (PDT)
Received: by pdea3 with SMTP id a3so133249104pde.3 for <nfsv4@ietf.org>; Wed, 08 Apr 2015 17:41:26 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=b13HVp3r7CFoFkClOSbk3/KopJ/5FG4vMcLwSLiKvnk=; b=IL9bcYlz+90qeD3FZdPi2t9sjpsLaPlFxCI8TK69k5AQZNpP0Eg6WTP7PbTpKXJR08 Xfa9okWnRSeWd9ez4aU6L7eeII9V8shDeLSziiCgJp7TWYmPZyJy9m1VLmS8c7WeBZdb uLOGqsdcH5lSTT0fhS8aAFLJVF1X0/KIouV1G2k7HoNdfEH3szTj23gwpfnsJkODQDOX xa8WMu7Ar6pI4i9gIBBPRl06sw7M+EHhVQJyKXX6fK7iL7Lxf5cjA+paOtRtEO401pQ2 ENpFBAxALtzYyD/3D/55RkrmzX5pa5JHey1gMsrgLs5i1ERfrr+TWJURm9G1QRLT2ES6 FixA==
X-Gm-Message-State: ALoCoQkqzGr1QixUeloABJ6ev0iFcYhRLxZb/de1apoIsgqg1PDLkFTc1F+mM3dRmwXSYzvvd/QV
X-Received: by 10.67.4.230 with SMTP id ch6mr51081955pad.137.1428540086077; Wed, 08 Apr 2015 17:41:26 -0700 (PDT)
Received: from [10.30.8.5] ([50.242.95.105]) by mx.google.com with ESMTPSA id fk4sm12247027pbb.80.2015.04.08.17.41.24 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 08 Apr 2015 17:41:25 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_D781596B-9350-4B4B-8BF8-DC185881C0B3"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
From: Tom Haynes <thomas.haynes@primarydata.com>
In-Reply-To: <CAD39596-FC66-492E-9E5B-1C2866632295@primarydata.com>
Date: Wed, 08 Apr 2015 17:41:22 -0700
Message-Id: <D94C6AB3-D072-4D76-9A43-0362BDA83B18@primarydata.com>
References: <20150407154310.383.14870.idtracker@ietfa.amsl.com> <CAD39596-FC66-492E-9E5B-1C2866632295@primarydata.com>
To: Barry Leiba <barryleiba@computer.org>
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/nfsv4/80KfR4eurAGRiCn5M6l-nkgtMJw>
Cc: RJ Atkinson <rja.lists@gmail.com>, The IESG <iesg@ietf.org>, NFSv4 <nfsv4@ietf.org>
Subject: Re: [nfsv4] Barry Leiba's Discuss on draft-ietf-nfsv4-lfs-registry-04: (with DISCUSS and COMMENT)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Apr 2015 00:41:34 -0000
Hi Barry, I just realized I should be proposing some changes, so please see below! Thanks, Tom > On Apr 8, 2015, at 4:34 PM, Tom Haynes <thomas.haynes@primarydata.com> wrote: > >> >> On Apr 7, 2015, at 8:43 AM, Barry Leiba <barryleiba@computer.org> wrote: >> >> Barry Leiba has entered the following ballot position for >> draft-ietf-nfsv4-lfs-registry-04: Discuss >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> http://datatracker.ietf.org/doc/draft-ietf-nfsv4-lfs-registry/ >> >> >> >> ---------------------------------------------------------------------- >> DISCUSS: >> ---------------------------------------------------------------------- >> >> Setting up this registry is a fine thing, and I just have two points I'd >> like to sort out before we approve this: >> >> -- Section 5.2 -- >> >> 1. Is it your intent that the Designated Expert still has to do expert >> review when the specification is a Standards Track RFC? > > > I think that would be the easiest review of all. > > But yes, the expert reviewer would verify that it was a Standards Track RFC > and approve it. > A new paragraph to be added after the one in Section 5.2: In reviewing the published label format specification, the Designated Expert should consider whether or not the specification provides sufficient semantics for the object and subject labels to enforce the MAC model and policy administration when deployed within an organization. Another consideration is if the label format allows the given protocol to process and enforce labels as a policy administration mechanism. > >> >> 2. You have no instructions to guide the Designated Expert; some >> instructions are needed. > > Agreed. > > >> Is the DE expected to just give a basic sanity >> check to the specification? Is more thorough review of the specification >> expected? Will the DE be making any judgments about whether the >> specified label format is useful, or is or isn't a "good idea", or is the >> DE expected to approve any request with a suitable specification? Both >> DEs and applicants need to know what's expected. >> > > > I think the judgement is not whether the specified label format > useful or a “good idea”, but rather does it provide for a sound > MAC implementation? > > > > >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> Some non-blocking, minor comments here: >> >> Very much a nit, but drafts have this sort of thing all the time, and we >> should probably say something more generally (I think I'll post to the >> IETF discussion list about the general point): >> >> In the abstract... >> >> To allow multiple MAC mechanisms and label formats to co-exist in a >> network, this document proposes a registry of label format >> specifications. This registry would contain label format identifiers >> and would provide for the association of each such identifier with a >> corresponding extensive document document outlining the exact syntax >> and use of the particular label format. >> >> When the draft was written, it was "proposing" a registry, and should >> that registry be created it "would contain" and "would provide" things. >> But it's now up for approval for RFC publication, and these >> characterizations are inapt; when it's published, the registry will have >> been created and will be providing all that. Drafts should be written -- >> at least by the time they enter last call -- to have the right tone as >> published RFCs. Here, I suggest these changes: >> >> 1. "proposes" -> "creates" >> 2. "would contain" -> "contains" >> 3. "would provide" -> "provides" >> >> -- Section 5 -- >> As best I can tell, this question from IANA wasn't answered in the last >> call discussion, and it needs to be: >> >>> Where should this new registry be located? Should it be placed at an >>> existing URL? If not, should the title of the new webpage be "NFS >>> Security Label Format Selection," or do you expect other registries >>> that would require a different title to be placed there? Also, should >>> it be filed under a new or an existing category at >> http://www.iana.org/protocols? >> >> IANA will sort this out with you in any case, but it would be good for >> the document to say where you would like IANA to put the registry. >> >> In Table 1, I think "Available for IANA Assignment" would be better than >> "Reserved for IANA Assignment", but it's a really small point. >> >> In Section 5.2, I suggest using the full name for the registry (add the >> word "Security"). >> >> >> _______________________________________________ >> nfsv4 mailing list >> nfsv4@ietf.org >> https://www.ietf.org/mailman/listinfo/nfsv4
- [nfsv4] Barry Leiba's Discuss on draft-ietf-nfsv4… Barry Leiba
- Re: [nfsv4] Barry Leiba's Discuss on draft-ietf-n… Tom Haynes
- Re: [nfsv4] Barry Leiba's Discuss on draft-ietf-n… RJ Atkinson
- Re: [nfsv4] Barry Leiba's Discuss on draft-ietf-n… Tom Haynes
- Re: [nfsv4] Barry Leiba's Discuss on draft-ietf-n… Tom Haynes
- Re: [nfsv4] Barry Leiba's Discuss on draft-ietf-n… RJ Atkinson
- Re: [nfsv4] Barry Leiba's Discuss on draft-ietf-n… Barry Leiba
- Re: [nfsv4] Barry Leiba's Discuss on draft-ietf-n… Tom Haynes