Re: [OAUTH-WG] [Errata Verified] RFC7800 (6187)

"Rob Wilton (rwilton)" <rwilton@cisco.com> Mon, 01 June 2020 13:55 UTC

Return-Path: <rwilton@cisco.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F0523A1088; Mon, 1 Jun 2020 06:55:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.598
X-Spam-Level:
X-Spam-Status: No, score=-9.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=H+qM1RV2; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=TIRUjJsx
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 06dcJzEtAuLD; Mon, 1 Jun 2020 06:55:22 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B1743A1086; Mon, 1 Jun 2020 06:55:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8606; q=dns/txt; s=iport; t=1591019722; x=1592229322; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=ZsONauRMpu8T0y4rFxFFqUUVAHiWEYl7rVq9SpLttSU=; b=H+qM1RV2GS/qfSSOWG1QFFfuypIW+2EvFK2UQUvPjWzPOFQyrb86YuzM vZ1uvN6ABweKcx+w8q0VAorjhCS5nEL3IgsIaRUSIEZ+HISoa5R8KEsq1 NS0nQboRkJ2eDtZGHAFrkDdmha0VqEfEpvfqvNtenDfVzWq2xWlRsCuhf E=;
IronPort-PHdr: 9a23:sBTL5xwkTKT3W3/XCy+N+z0EezQntrPoPwUc9psgjfdUf7+++4j5ZRaHt/5qiUfUQYjBrfVehLmev6PhXDkG5pCM+DAHfYdXXhAIwcMRg0Q7AcGDBEG6SZyibyEzEMlYElMw+Xa9PBteH8PmekHfuDu19zFBUhn6PBB+c+LyHIOahs+r1ue0rpvUZQgAhDe0bb5oahusqgCEvcgNiowkIaE0mRY=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CxAABsB9Ve/5FdJa1mGgEBAQEBAQEBAQEDAQEBARIBAQEBAgIBAQEBQIFKgVBSB29YLywKhBuDRgONQ5hMglIDVQsBAQEMAQEjCgIEAQGERAIXgg4CJDgTAgMBAQsBAQUBAQECAQYEbYVZDIVyAQEBAQIBEhERDAEBNwELBAIBCBEEAQEBAgImAgICMBUICAIEDgUIGoMFgksDDiABDqJyAoE5iGF2gTKDAQEBBYUfGIIOCYEOKoJkiWMagUE/gRFDgk0+gQSBGkkDAYFlgxIzgi2OZgSCUDyRNJApCoJXmQ2CZpsykj2YboMuAgQCBAUCDgEBBYFqIoFADwdwFRoXD3sdgSMpCUcXAg2QQINyhFk7hUJ0AjUCBggBAQMJfItjAYEPAQE
X-IronPort-AV: E=Sophos;i="5.73,461,1583193600"; d="scan'208";a="505441864"
Received: from rcdn-core-9.cisco.com ([173.37.93.145]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 01 Jun 2020 13:55:21 +0000
Received: from XCH-ALN-001.cisco.com (xch-aln-001.cisco.com [173.36.7.11]) by rcdn-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id 051DtLUF002916 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 1 Jun 2020 13:55:21 GMT
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-ALN-001.cisco.com (173.36.7.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 1 Jun 2020 08:55:21 -0500
Received: from xhs-rtp-003.cisco.com (64.101.210.230) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Mon, 1 Jun 2020 08:55:20 -0500
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-003.cisco.com (64.101.210.230) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Mon, 1 Jun 2020 09:55:20 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=doU/kNzqkZvmbgq9x+j8fj4HOlqzhwWnvWBFC/q/6xys0HI4ANqknBCzN/XA8Pu4jICJlsg0cKW2IGVYF97ar6P42QZn0xhu5/ddEdYJ01qR6BM8CHLIZAgXkcZLOFDfWAx/ZIgBJ2iP8wEaWERFPxoIEt+6nFdNgLUIoaJw5/IYqx+2ncBFx3rlmTdg9v1rfskNMv6CdPNNmgEluo82+po4x6wD7XZXYMvzqHwR65ukAHEwde9KMwUYj3qKpyxx/U57HOgGlqC6ZyA3ZTbKdbh0uTJ2R1SQXPYDdHdL9NBTU29YqXViXvpJIhlxsOfqhkVk954XHP/ewUQEyDF6OA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZsONauRMpu8T0y4rFxFFqUUVAHiWEYl7rVq9SpLttSU=; b=X1gqxGtSHBMuLU4IqR1c5OI5DwOzWQvDeJY5t+GwUtL+LfpKxKgxII4suwOCV9QHTNQhFXpGB2NouhS+2bIpMGUcFFalCDqkQcJd7IPOldg1fq1EJ9H2VlhthUHy/1qSptbtLRi2+u0dgcanOELMqf+KIGMyU8KrpADIYqZJA4YxNJjE8sSz8v8yy9/x7iVbrFFCDlg2imPj8kDaB1dMwZnVNFRZJQfQDvKQhZDx8e4lxdRF58xtA1UNRUnyCERE2VtdeAKsPfF8aoOSX90xGf1hkERuMlbB5bDHDfjH44xxxv9TkMlQWjL7P182sqm3LWzjdAPqXzL33ZQVutwaXg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZsONauRMpu8T0y4rFxFFqUUVAHiWEYl7rVq9SpLttSU=; b=TIRUjJsxmWOph1ebleydnOlw5IukR8YYysiuB0OfEyyGrQujk6iSX8v0DxDlYagwxS9emC3TdXozr6Czz3AGf9ljkM88PYX3nh8a1474p6RqEaPXi6ME9uH+uKAhcwX2pXTTH49yxQEtD313S0oxzTzsyat/CGTle4Fwz5Tycfs=
Received: from MN2PR11MB4366.namprd11.prod.outlook.com (2603:10b6:208:190::17) by MN2PR11MB4062.namprd11.prod.outlook.com (2603:10b6:208:150::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3045.21; Mon, 1 Jun 2020 13:55:19 +0000
Received: from MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::e9d4:79b5:aef1:be18]) by MN2PR11MB4366.namprd11.prod.outlook.com ([fe80::e9d4:79b5:aef1:be18%5]) with mapi id 15.20.3045.024; Mon, 1 Jun 2020 13:55:18 +0000
From: "Rob Wilton (rwilton)" <rwilton@cisco.com>
To: Barry Leiba <barryleiba@computer.org>
CC: RFC Errata System <rfc-editor@rfc-editor.org>, "mbj@microsoft.com" <mbj@microsoft.com>, Benjamin Kaduk <kaduk@mit.edu>, "ve7jtb@ve7jtb.com" <ve7jtb@ve7jtb.com>, "Hannes.Tschofenig@gmx.net" <Hannes.Tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>, Pete Resnick <resnick@episteme.net>, "iesg@ietf.org" <iesg@ietf.org>
Thread-Topic: [Errata Verified] RFC7800 (6187)
Thread-Index: AQHWNuulQReviV4PKkaVPVtDH4tsaqjBkK2AgAAEBACAAhv7EIAADyMAgAACDoCAAAINQA==
Date: Mon, 01 Jun 2020 13:55:18 +0000
Message-ID: <MN2PR11MB4366A91A0442E965399A9177B58A0@MN2PR11MB4366.namprd11.prod.outlook.com>
References: <20200531013404.4528BF40721@rfc-editor.org> <AA62FB03-89F3-4931-AB7C-0BE281970A2E@episteme.net> <20200531040924.GM58497@kduck.mit.edu> <MN2PR11MB436654658A3926B05A9CC79BB58A0@MN2PR11MB4366.namprd11.prod.outlook.com> <CALaySJ+D0wfaj2=KbP-z8rka=HzdHRn5EV-8jbT2_g_tFy7L6A@mail.gmail.com> <CALaySJK5Ry46zvpdX_bC3MgZKuZUu_-fiLeNRDdYMgTQ6QUf1A@mail.gmail.com>
In-Reply-To: <CALaySJK5Ry46zvpdX_bC3MgZKuZUu_-fiLeNRDdYMgTQ6QUf1A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: computer.org; dkim=none (message not signed) header.d=none;computer.org; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [64.103.40.27]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d2e5632f-8590-4889-2a57-08d806336b82
x-ms-traffictypediagnostic: MN2PR11MB4062:
x-microsoft-antispam-prvs: <MN2PR11MB406264FC82148F5ACF26FD80B58A0@MN2PR11MB4062.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0421BF7135
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: B9HQnqWJliaSI1ZOTNm+05yqNRwtVn7FarKQ2Kqn/H9I4VwOu8u5XiExMa9GcUeVvZ4eSJRhbXxuPYNX//FLsD3C81iHF8CmuuAcygPqFKMLf+Q+48IooybdttXe2LeOFUZrMVwBwZCnVDS875dfPnfSX2nWUnGNQhgOpPnbRJ4ePorWIa/GUsIWiunCoQV7zAcAvA3JW1JD2cRpY+g+XbekH35uYGw5yHwMuCXGiVUsy2SitWUi1OLwDqDDtV49Z31GOXw5MbSPp5BoKUc47n3t8W8te/gf/163IXC0OxvMcG6pI7t0V+t/urUOIv9vO2lty8/mri7g7ZytYg5LBQVbBsJpWYS2vB9hECtE82eAE5avLgQyHGtLIRf41uKtFnz4RDALQ9vcaQAs1pl87Q==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB4366.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(396003)(376002)(136003)(346002)(366004)(39860400002)(71200400001)(33656002)(186003)(6916009)(478600001)(316002)(7696005)(52536014)(966005)(15650500001)(86362001)(54906003)(5660300002)(83380400001)(4326008)(76116006)(8676002)(8936002)(66476007)(2906002)(6506007)(55016002)(66556008)(64756008)(45080400002)(26005)(66446008)(66946007)(53546011)(9686003); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: Vasrum7CdLggb4EFjEwDkvFxB5P/ipehmux4CAJmYmUxQdxQKx7xSGUk8etiMifkjvCY9ooUMZww4EXoGxeA9dkCKE++cii9ylDcZcmYgp8AOUasfMBqfB0B3IxoEw9OUcO00Lc/VcOO/7zBB43u8086i9SWkXO6ciEaudq/2nrjik8aNuyjRPorcGOT/L3UtQa1gnm7p9g1flsLYvw3LOSKQAtYA+y4BcdrR28qOsR7mmX6IgZhi9MfOeSH3jplatr/5gSbotNPVWkFY9j60N3diFryNSLrbt4tvOkMbgboXBJ6VXbUSpj4WwT6GLxBjKJxg7CvbFxAFGuDNZgtUnDzeIu/yOo23PWkgZB0IygvOzSGvLwX2ng/vEy1XA4+tJKd+px4e/foVlkIIm2XqtGXY0y9Ms0spqg57vt2QxwHVPp1c2d1zHOBxqS/yNPPahnfx9bwFAHuY3+K3amg/2aI00rSP9K91TsdCyZz/SY=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: d2e5632f-8590-4889-2a57-08d806336b82
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Jun 2020 13:55:18.7867 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: aLsWD80YBYkpIvDcCXGFXru6mDWoeIuldOU2WBN6V3z7ZlHUclFSJyVny79PTC12JmmdnyUcxZ4ekI1rLIr2gg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4062
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.11, xch-aln-001.cisco.com
X-Outbound-Node: rcdn-core-9.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/eI1Oc1BIiydX_OsZvy8q7dCKq3c>
Subject: Re: [OAUTH-WG] [Errata Verified] RFC7800 (6187)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2020 13:55:26 -0000


> -----Original Message-----
> From: iesg <iesg-bounces@ietf.org> On Behalf Of Barry Leiba
> Sent: 01 June 2020 14:24
> To: Rob Wilton (rwilton) <rwilton=40cisco.com@dmarc.ietf.org>
> Cc: RFC Errata System <rfc-editor@rfc-editor.org>; mbj@microsoft.com;
> Benjamin Kaduk <kaduk@mit.edu>; ve7jtb@ve7jtb.com;
> Hannes.Tschofenig@gmx.net; oauth@ietf.org; Pete Resnick
> <resnick@episteme.net>; iesg@ietf.org
> Subject: Re: [Errata Verified] RFC7800 (6187)
> 
> Further on this:
> 
> In the "editorial" realm, there are two classes of "correct" errata
> reports:
> 
> 1. Trivial and obvious typos, such as spelling "and" as "adn".
> 
> 2. Others, such as a number with transposed digits, which could,
> indeed, be confusing.
[RW] 

This seems entirely reasonable.

> 
> The guideline that we're discussing is meant to separate those out,
> saying that class 1 should go to HFDU, while class 2 might qualify as
> Verified.  Whether a particular report falls into class 1 or 2 is
> usually clear, but sometimes a matter of judgment.  And then whether a
> class 2 report rates Verified or HFDU is also sometimes a matter of
> judgment.  I'm personally happy with leaving that to judgment, rather
> than trying to be overly rigorous about making rules for it.  I'm also
> happy with the idea of clarifying or altering the guidelines, if
> someone wants to make a specific proposal.
[RW] 

Personally, at least for new ADs, I think that it would probably be useful to clarify the guidelines.

I could propose some text, but I think that the first question to answer really relates to the inline-errata output.  It would be nice if spelling and grammatical mistakes were included in the inline-errata, since there seems to be no good reason why they should not be and they may be helpful to a non-native speaker.  If only "verified" errata can be included inline then it might be an idea to classify these as something like "verified, inconsequential".

Thanks,
Rob


> 
> One thing we have talked about is having the RPC handle editorial
> class 1 reports, and we can discuss that again if we like.  Should we
> do that, it might make sense to have a separate handling code for
> those that the RPC resolves.
> 
> Barry
> 
> On Mon, Jun 1, 2020 at 9:16 AM Barry Leiba <barryleiba@computer.org>
> wrote:
> >
> > That's what the "technical" vs "editorial" distinction is supposed to be
> for.
> >
> > Barry
> >
> > On Mon, Jun 1, 2020 at 8:27 AM Rob Wilton (rwilton)
> > <rwilton=40cisco.com@dmarc.ietf.org> wrote:
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: iesg <iesg-bounces@ietf.org> On Behalf Of Benjamin Kaduk
> > > > Sent: 31 May 2020 05:09
> > > > To: Pete Resnick <resnick@episteme.net>
> > > > Cc: mbj@microsoft.com; iesg@ietf.org; ve7jtb@ve7jtb.com;
> > > > Hannes.Tschofenig@gmx.net; oauth@ietf.org; RFC Errata System <rfc-
> > > > editor@rfc-editor.org>
> > > > Subject: Re: [Errata Verified] RFC7800 (6187)
> > > >
> > > > The new text is clearly the right thing, and there is no need
> > > > to debate it if/when the document gets updated.  "Don't hold
> > > > it; do it now", so to speak -- and noting that (my
> > > > understanding/recollection of) the plan for
> > > > https://www.rfc-editor.org/rfc/inline-errata/rfc7800.html is that
> only
> > > > verified errata, not those in other states, will be displayed.
> > > [RW]
> > >
> > > If this ends up being the plan, then I think that we may wish to
> modify the RFC guidance, or possibly have two different verified states:
> > >  (i) Verified, could impact implementations
> > >  (ii) Verified, editorial only.
> > >
> > > Certainly, it seems to be makes sense for these sorts of errata to be
> displayed.
> > >
> > > Regards,
> > > Rob
> > >
> > >
> > > >
> > > > (Yes, that link 404s at the moment, I assume a caching issue.)
> > > >
> > > > -Ben
> > > >
> > > > On Sat, May 30, 2020 at 10:55:01PM -0500, Pete Resnick wrote:
> > > > > "Verified", not "Hold For Document Update"?
> > > > >
> > > > > pr
> > > > >
> > > > > On 30 May 2020, at 20:34, RFC Errata System wrote:
> > > > >
> > > > > > The following errata report has been verified for RFC7800,
> > > > > > "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)".
> > > > > >
> > > > > > --------------------------------------
> > > > > > You may review the report below and at:
> > > > > > https://www.rfc-editor.org/errata/eid6187
> > > > > >
> > > > > > --------------------------------------
> > > > > > Status: Verified
> > > > > > Type: Editorial
> > > > > >
> > > > > > Reported by: Pete Resnick <resnick@episteme.net>
> > > > > > Date Reported: 2020-05-26
> > > > > > Verified by: Benjamin Kaduk (IESG)
> > > > > >
> > > > > > Section: 7.1
> > > > > >
> > > > > > Original Text
> > > > > > -------------
> > > > > >    [JWK]      Jones, M., "JSON Web Key (JWK)", RFC 7517,
> > > > > >               DOI 10.17487/RFC7157, May 2015,
> > > > > >               <http://www.rfc-editor.org/info/rfc7517>.
> > > > > >
> > > > > >
> > > > > > Corrected Text
> > > > > > --------------
> > > > > >    [JWK]      Jones, M., "JSON Web Key (JWK)", RFC 7517,
> > > > > >               DOI 10.17487/RFC7517, May 2015,
> > > > > >               <http://www.rfc-editor.org/info/rfc7517>.
> > > > > >
> > > > > >
> > > > > > Notes
> > > > > > -----
> > > > > > DOI has a typo: 7157 instead of 7517.
> > > > > >
> > > > > > --------------------------------------
> > > > > > RFC7800 (draft-ietf-oauth-proof-of-possession-11)
> > > > > > --------------------------------------
> > > > > > Title               : Proof-of-Possession Key Semantics for JSON
> Web
> > > > > > Tokens (JWTs)
> > > > > > Publication Date    : April 2016
> > > > > > Author(s)           : M. Jones, J. Bradley, H. Tschofenig
> > > > > > Category            : PROPOSED STANDARD
> > > > > > Source              : Web Authorization Protocol
> > > > > > Area                : Security
> > > > > > Stream              : IETF
> > > > > > Verifying Party     : IESG
> > > > >
> > > > >
> > > > > --
> > > > > Pete Resnick https://www.episteme.net/
> > > > > All connections to the world are tenuous at best
> > >