[OAUTH-WG] Re: Roman Danyliw's No Objection on draft-ietf-oauth-resource-metadata-10: (with COMMENT)

Michael Jones <michael_b_jones@hotmail.com> Tue, 01 October 2024 04:08 UTC

From: Michael Jones <michael_b_jones@hotmail.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-oauth-resource-metadata@ietf.org" <draft-ietf-oauth-resource-metadata@ietf.org>, "oauth-chairs@ietf.org" <oauth-chairs@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Date: Tue, 01 Oct 2024 04:08:38 +0000
Message-ID: <SJ0PR02MB743934EE8E0E7E3CBD96BC36B7772@SJ0PR02MB7439.namprd02.prod.outlook.com>
In-Reply-To: <172771241390.605005.18427358815879124786@dt-datatracker-7bbd96684-zjf54>
Subject: [OAUTH-WG] Re: Roman Danyliw's No Objection on draft-ietf-oauth-resource-metadata-10: (with COMMENT)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/vV5g4cacRH8dyX0yEY7ZNPMAO7A>

Thanks for your review, Roman.  My responses are inline below, prefixed by "Mike>".

The proposed resolutions below are incorporated in https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/58.  Please let me know if you'd like to see any changes before we apply them.

-----Original Message-----
From: Roman Danyliw via Datatracker <noreply@ietf.org>
Sent: Monday, September 30, 2024 9:07 AM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-oauth-resource-metadata@ietf.org; oauth-chairs@ietf.org; oauth@ietf.org; rifaat.s.ietf@gmail.com; rifaat.s.ietf@gmail.com
Subject: Roman Danyliw's No Objection on draft-ietf-oauth-resource-metadata-10: (with COMMENT)

Roman Danyliw has entered the following ballot position for
draft-ietf-oauth-resource-metadata-10: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-metadata/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** Section 2.2

   signed_metadata
      A JWT containing metadata values about the protected resource as
      claims.  This is a string value consisting of the entire signed
      JWT.  A signed_metadata metadata value SHOULD NOT appear as a
      claim in the JWT.

If signed_metadata appears as a claim, what should be done with it?

Mike> This is the same language as used in https://www.rfc-editor.org/rfc/rfc8414.html#section-2.1, for what it's worth, but it's a fair question.  We can add language saying that this is grounds for rejecting the metadata as being invalid.

** Section 7.1
   Implementations SHOULD follow the guidance in BCP
   195 [RFC8996] [RFC9325], which provides recommendations and
   requirements for improving the security of deployed services that use
   TLS.

Why can't this document require (MUST) conformance to BCP 195 and delegate
responsibility to maintaining those recommendations to the BCP?

Mike> Will do.  (This language is a remnant of a time before BCP 195 existed.)

** Section 7.3
   TLS certificate checking MUST be performed by the client, as
   described in Section 7.1,

What guidance in Section 7.1 discusses TLS certificate checking?

Mike> I'll update this to instead describe the use of RFC 9525 (Service Identity in TLS).

** Section 8.1.1

   Change Controller:
      For Standards Track RFCs, list the "IETF".

Wouldn't "IETF" be listed for all RFCs in the IETF stream?

Mike> More old language.  I'll change "For Standards Track RFCs" to "For IETF stream RFCs".

** Section 8.3.1

   *  URI suffix: oauth-protected-resource
   *  Change controller: IETF
   *  Specification document: Section 3 of [[ this specification ]]
   *  Related information: (none)

For editorial clarity,
https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml uses
"Reference" not "Specification document".  Consider harmonizing the column
names.

Mike> Will do.

Thanks for your useful review!

                                -- Mike
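Added example (not code from the draft, the working group or anyone in this thread): a consumer-side validator for a protected resource metadata document that applies the resolutions discussed above. It builds the well-known URL by inserting the registered `oauth-protected-resource` suffix between host and path, checks the plain `resource` value against the identifier the client started from, verifies the `signed_metadata` JWT, rejects the document when `signed_metadata` appears as a claim inside that JWT (the outcome Mike proposes for the Section 2.2 comment), checks `iss`, and lets signed values take precedence over plain ones, which is the rule RFC 8414 Section 2.1 states for the same construct. Assumptions: the metadata document, issuer, key and resource identifier are constructed for the example, and an HS256 MAC stands in for the asymmetric JWS signature (keyed from `jwks_uri`) a real deployment would verify.

```python
"""Consumer-side checks for an OAuth protected resource metadata document (added example)."""
import base64
import hashlib
import hmac
import json
from urllib.parse import urlsplit, urlunsplit

# URI suffix registered in Section 8.3.1 of the draft.
WELL_KNOWN_SUFFIX = "/.well-known/oauth-protected-resource"

# Constructed values for the example only.
DEMO_RESOURCE = "https://resource.example.com"
DEMO_ISSUER = "https://federation.example.org"
DEMO_KEY = b"constructed-demo-key-do-not-reuse"  # assumption: stands in for an asymmetric key


class InvalidMetadata(ValueError):
    """Raised when the metadata document must be rejected."""


def well_known_url(resource: str) -> str:
    """Insert the suffix between host and path, dropping any terminating '/' first."""
    parts = urlsplit(resource)
    return urlunsplit((parts.scheme, parts.netloc, WELL_KNOWN_SUFFIX + parts.path.rstrip("/"), "", ""))


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Minimal compact JWS with HS256 (example stand-in for RS256/ES256)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(mac)}"


def verify_hs256(token: str, key: bytes) -> dict:
    """Verify the MAC and return the claims; the accepted alg is pinned, not trusted from the header."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise InvalidMetadata("signed_metadata is not a compact JWS") from None
    if json.loads(_unb64url(header_b64)).get("alg") != "HS256":
        raise InvalidMetadata("unexpected alg in signed_metadata header")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig_b64)):
        raise InvalidMetadata("signed_metadata signature does not verify")
    return json.loads(_unb64url(payload_b64))


def validate_resource_metadata(doc: dict, expected_resource: str, trusted_issuer: str, key: bytes) -> dict:
    """Return the effective metadata or raise InvalidMetadata."""
    if doc.get("resource") != expected_resource:
        raise InvalidMetadata("resource does not match the requested identifier")
    effective = dict(doc)
    token = effective.pop("signed_metadata", None)
    if token is None:
        return effective
    if not isinstance(token, str):
        raise InvalidMetadata("signed_metadata must be a string containing the entire JWT")
    claims = verify_hs256(token, key)
    if "signed_metadata" in claims:  # the case Roman asked about: treat it as invalid metadata
        raise InvalidMetadata("signed_metadata must not appear as a claim inside the signed JWT")
    if claims.get("iss") != trusted_issuer:
        raise InvalidMetadata("signed_metadata iss is not a trusted issuer")
    if claims.get("resource", expected_resource) != expected_resource:
        raise InvalidMetadata("signed resource claim does not match the requested identifier")
    for name, value in claims.items():
        if name != "iss":
            effective[name] = value  # signed value takes precedence over the plain one
    return effective


def demo_document(nest_signed_metadata: bool = False) -> dict:
    """Constructed document whose signed JWT overrides the plain scopes_supported value."""
    claims = {
        "iss": DEMO_ISSUER,
        "resource": DEMO_RESOURCE,
        "authorization_servers": ["https://as.example.com"],
        "scopes_supported": ["read", "write"],
    }
    if nest_signed_metadata:
        claims["signed_metadata"] = "must-not-be-here"
    return {
        "resource": DEMO_RESOURCE,
        "authorization_servers": ["https://as.example.com"],
        "scopes_supported": ["read"],
        "signed_metadata": sign_hs256(claims, DEMO_KEY),
    }


def demo_validate(nest_signed_metadata: bool = False) -> dict:
    return validate_resource_metadata(demo_document(nest_signed_metadata), DEMO_RESOURCE, DEMO_ISSUER, DEMO_KEY)


def rejects_nested_signed_metadata() -> bool:
    try:
        demo_validate(nest_signed_metadata=True)
    except InvalidMetadata:
        return True
    return False


if __name__ == "__main__":
    print(well_known_url(DEMO_RESOURCE))
    print(json.dumps(demo_validate(), indent=2))
    print("nested signed_metadata rejected:", rejects_nested_signed_metadata())
```

The validator pops `signed_metadata` from the returned dictionary so callers only ever see effective values, and it refuses any header `alg` other than the one it was configured to accept, so a document cannot downgrade the verification path.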