Re: [OAUTH-WG] [Errata Verified] RFC7800 (6187)

Barry Leiba <barryleiba@computer.org> Mon, 01 June 2020 13:23 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10ECC3A1044; Mon, 1 Jun 2020 06:23:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.401
X-Spam-Level:
X-Spam-Status: No, score=-1.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pFmZ3tvsfv8W; Mon, 1 Jun 2020 06:23:47 -0700 (PDT)
Received: from mail-io1-f53.google.com (mail-io1-f53.google.com [209.85.166.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45FC53A0F2E; Mon, 1 Jun 2020 06:23:47 -0700 (PDT)
Received: by mail-io1-f53.google.com with SMTP id s18so6879314ioe.2; Mon, 01 Jun 2020 06:23:47 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vergsmrEDhSPZr4q5947Ns/Zsr3xwbZ+d+iFtoPgZ4Y=; b=Dxy7Y4gmJXN4iJKiXXuoCA7IhRRLEPZCHiDuOUGsl3aKA6vjgMSLi7fKNlb4V4RmJe baJC/AuGh5/GjAp4C3iBZII6jLjiFzf84PjdpDuBflCzkGhgvmoZjNnU5ienUp/moge2 p1nu8ltHm7VjI6jt5DS9L6A8d2mdqss++K9Gf0klwB7M4H5khcC4SPQzCiy9t0M7y+cI kmCgOKHd54CcKXWmmOCr/TVoXk+2PMEQDk1f0fzo0d+ke8hTFafmwA7Hefjkq1VoBLxG 0L86oM6LCUMmqb5lQzceE0v4h0SfucpfREU2HkByTv8EoKxltzOPUx/dwgyjBMpRzHNQ W2yQ==
X-Gm-Message-State: AOAM533/I9zeyJcQk8xtjo1GJoPelL20m+X0euAuH8IQhGC9v1mFC7Ea c0c4uLwvbcPbcH6M0yq+blaTrL/B2vTe0Oh4mf0U7A==
X-Google-Smtp-Source: ABdhPJxSBYl60Q20F3qJsx6Dvq/3JNiN6CMe/HWwmijNk8toi9ahAo9EKvdmkmzAJyhUOtreDpUYwyE1WlV7lPdcug0=
X-Received: by 2002:a05:6602:2817:: with SMTP id d23mr18664098ioe.206.1591017826395; Mon, 01 Jun 2020 06:23:46 -0700 (PDT)
MIME-Version: 1.0
References: <20200531013404.4528BF40721@rfc-editor.org> <AA62FB03-89F3-4931-AB7C-0BE281970A2E@episteme.net> <20200531040924.GM58497@kduck.mit.edu> <MN2PR11MB436654658A3926B05A9CC79BB58A0@MN2PR11MB4366.namprd11.prod.outlook.com> <CALaySJ+D0wfaj2=KbP-z8rka=HzdHRn5EV-8jbT2_g_tFy7L6A@mail.gmail.com>
In-Reply-To: <CALaySJ+D0wfaj2=KbP-z8rka=HzdHRn5EV-8jbT2_g_tFy7L6A@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Mon, 01 Jun 2020 09:23:35 -0400
Message-ID: <CALaySJK5Ry46zvpdX_bC3MgZKuZUu_-fiLeNRDdYMgTQ6QUf1A@mail.gmail.com>
To: "Rob Wilton (rwilton)" <rwilton=40cisco.com@dmarc.ietf.org>
Cc: Benjamin Kaduk <kaduk@mit.edu>, Pete Resnick <resnick@episteme.net>, "mbj@microsoft.com" <mbj@microsoft.com>, "iesg@ietf.org" <iesg@ietf.org>, "ve7jtb@ve7jtb.com" <ve7jtb@ve7jtb.com>, "Hannes.Tschofenig@gmx.net" <Hannes.Tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>, RFC Errata System <rfc-editor@rfc-editor.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/w6s0KhdYFmGZGN3YTvD4K9n7udc>
Subject: Re: [OAUTH-WG] [Errata Verified] RFC7800 (6187)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Jun 2020 13:23:49 -0000

Further on this:

In the "editorial" realm, there are two classes of "correct" errata reports:

1. Trivial and obvious typos, such as spelling "and" as "adn".

2. Others, such as a number with transposed digits, which could,
indeed, be confusing.

The guideline that we're discussing is meant to separate those out,
saying that class 1 should go to HFDU, while class 2 might qualify as
Verified.  Whether a particular report falls into class 1 or 2 is
usually clear, but sometimes a matter of judgment.  And then whether a
class 2 report rates Verified or HFDU is also sometimes a matter of
judgment.  I'm personally happy with leaving that to judgment, rather
than trying to be overly rigorous about making rules for it.  I'm also
happy with the idea of clarifying or altering the guidelines, if
someone wants to make a specific proposal.

One thing we have talked about is having the RPC handle editorial
class 1 reports, and we can discuss that again if we like.  Should we
do that, it might make sense to have a separate handling code for
those that the RPC resolves.

Barry

On Mon, Jun 1, 2020 at 9:16 AM Barry Leiba <barryleiba@computer.org> wrote:
>
> That's what the "technical" vs "editorial" distinction is supposed to be for.
>
> Barry
>
> On Mon, Jun 1, 2020 at 8:27 AM Rob Wilton (rwilton)
> <rwilton=40cisco.com@dmarc.ietf.org> wrote:
> >
> >
> >
> > > -----Original Message-----
> > > From: iesg <iesg-bounces@ietf.org> On Behalf Of Benjamin Kaduk
> > > Sent: 31 May 2020 05:09
> > > To: Pete Resnick <resnick@episteme.net>
> > > Cc: mbj@microsoft.com; iesg@ietf.org; ve7jtb@ve7jtb.com;
> > > Hannes.Tschofenig@gmx.net; oauth@ietf.org; RFC Errata System <rfc-
> > > editor@rfc-editor.org>
> > > Subject: Re: [Errata Verified] RFC7800 (6187)
> > >
> > > The new text is clearly the right thing, and there is no need
> > > to debate it if/when the document gets updated.  "Don't hold
> > > it; do it now", so to speak -- and noting that (my
> > > understanding/recollection of) the plan for
> > > https://www.rfc-editor.org/rfc/inline-errata/rfc7800.html is that only
> > > verified errata, not those in other states, will be displayed.
> > [RW]
> >
> > If this ends up being the plan, then I think that we may wish to modify the RFC guidance, or possibly have two different verified states:
> >  (i) Verified, could impact implementations
> >  (ii) Verified, editorial only.
> >
> > Certainly, it seems to be makes sense for these sorts of errata to be displayed.
> >
> > Regards,
> > Rob
> >
> >
> > >
> > > (Yes, that link 404s at the moment, I assume a caching issue.)
> > >
> > > -Ben
> > >
> > > On Sat, May 30, 2020 at 10:55:01PM -0500, Pete Resnick wrote:
> > > > "Verified", not "Hold For Document Update"?
> > > >
> > > > pr
> > > >
> > > > On 30 May 2020, at 20:34, RFC Errata System wrote:
> > > >
> > > > > The following errata report has been verified for RFC7800,
> > > > > "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)".
> > > > >
> > > > > --------------------------------------
> > > > > You may review the report below and at:
> > > > > https://www.rfc-editor.org/errata/eid6187
> > > > >
> > > > > --------------------------------------
> > > > > Status: Verified
> > > > > Type: Editorial
> > > > >
> > > > > Reported by: Pete Resnick <resnick@episteme.net>
> > > > > Date Reported: 2020-05-26
> > > > > Verified by: Benjamin Kaduk (IESG)
> > > > >
> > > > > Section: 7.1
> > > > >
> > > > > Original Text
> > > > > -------------
> > > > >    [JWK]      Jones, M., "JSON Web Key (JWK)", RFC 7517,
> > > > >               DOI 10.17487/RFC7157, May 2015,
> > > > >               <http://www.rfc-editor.org/info/rfc7517>.
> > > > >
> > > > >
> > > > > Corrected Text
> > > > > --------------
> > > > >    [JWK]      Jones, M., "JSON Web Key (JWK)", RFC 7517,
> > > > >               DOI 10.17487/RFC7517, May 2015,
> > > > >               <http://www.rfc-editor.org/info/rfc7517>.
> > > > >
> > > > >
> > > > > Notes
> > > > > -----
> > > > > DOI has a typo: 7157 instead of 7517.
> > > > >
> > > > > --------------------------------------
> > > > > RFC7800 (draft-ietf-oauth-proof-of-possession-11)
> > > > > --------------------------------------
> > > > > Title               : Proof-of-Possession Key Semantics for JSON Web
> > > > > Tokens (JWTs)
> > > > > Publication Date    : April 2016
> > > > > Author(s)           : M. Jones, J. Bradley, H. Tschofenig
> > > > > Category            : PROPOSED STANDARD
> > > > > Source              : Web Authorization Protocol
> > > > > Area                : Security
> > > > > Stream              : IETF
> > > > > Verifying Party     : IESG
> > > >
> > > >
> > > > --
> > > > Pete Resnick https://www.episteme.net/
> > > > All connections to the world are tenuous at best
> >