Re: [precis] I-D Action: draft-ietf-precis-7564bis-09.txt

Peter Saint-Andre <> Sun, 17 September 2017 20:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3F20213334E for <>; Sun, 17 Sep 2017 13:41:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key) header.b=mn0fmDBX; dkim=pass (2048-bit key) header.b=qvJRyez1
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6WcWr_EYEWzM for <>; Sun, 17 Sep 2017 13:41:38 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 69E3B13301C for <>; Sun, 17 Sep 2017 13:41:38 -0700 (PDT)
Received: from compute2.internal (compute2.nyi.internal []) by mailout.nyi.internal (Postfix) with ESMTP id BBB1020B0C; Sun, 17 Sep 2017 16:41:37 -0400 (EDT)
Received: from frontend1 ([]) by compute2.internal (MEProxy); Sun, 17 Sep 2017 16:41:37 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=fm1; bh=DL/i7E/7idy0TNSEfMoFdVE+4oWiUTgOp82Qdsp00 MA=; b=mn0fmDBX2QPqCiGeYkbLo6OzUYtcyi6+vJx5B7nq7lXRYiVrQNALMQBIr 3va7xjWSgga7007kU5t7glD/BWNggdoiV40t1gDl7qeDlfE1RC9O0FeOmi5E3Uv9 yxQG96yD1LYCaKcyvSV9COt289pSJO7P7bJ5qx+T/3W4/vJjKgZRcDdPMpAI9Z5E 5TIVEPwaYeAf5tnVE3wjcxxTjB7xj7TSo+gcGCXpgK+EkWLlnlFeL/sFuMm84l7l XzeO66z3U4IAYmWQCyT4aK1VTWIFBJerUTVD3NUlay0B0hnxXdwsOtj+Z71xM0uo wFaRHjg+jN/GGyZUlPzU55LCb3suw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=DL/i7E/7idy0TNSEfM oFdVE+4oWiUTgOp82Qdsp00MA=; b=qvJRyez1vgk/id4RgtcryKnP772PFCRMks EGDxuyAtZm3oibylhjS6E19Dd2Cqg6yc+KYIFPLYRaKHflM/6h29fTv1uEKWfD39 Sd0tmRHBTwpkRcZ2vhqzPhcemcpsqzO7bvmyoqvBLDnndvXtG28OdVkWW8kmZfMv uf+v7Q8xMX3OxOJKARijhsoFW04APD3D6RLShlzaHfmqOva8woHEJYxKuEWYKskJ rra2U42SKKGUfbVgE1qRWJtZh9juVp1uozYWlcOzJhynvVaC6gFgMfORmqlqKWEP yK/m5xf6e1b+JE9hD9l6XOJzbEI/7X+QMd8YIOyCLF+3Qm4ODnnA==
X-ME-Sender: <xms:Ad6-WQ411B7rEGcwzEis4bUZCeyTe3-x1pKBLVLxnHTmg3Sr_qmb2Q>
X-Sasl-enc: w7wAFGT0GDHMpSrQEFiby0HYmGTtujmLJWg8++VWeits 1505680897
Received: from aither.local (unknown []) by (Postfix) with ESMTPA id 2C0077E125; Sun, 17 Sep 2017 16:41:37 -0400 (EDT)
To: Sam Whited <>
References: <> <> <> <> <> <> <> <>
From: Peter Saint-Andre <>
Message-ID: <>
Date: Sun, 17 Sep 2017 14:41:35 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="E38OCo06oekMu7qTxNs77veNC5ABqSuV1"
Archived-At: <>
Subject: Re: [precis] I-D Action: draft-ietf-precis-7564bis-09.txt
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Preparation and Comparison of Internationalized Strings <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 17 Sep 2017 20:41:40 -0000

On 9/17/17 1:13 PM, Sam Whited wrote:
> On Thu, Sep 14, 2017, at 21:04, Peter Saint-Andre wrote:
>> What needs fixing? We added explanatory text about idempotence, and
>> there will also be an example of such in the RFC version.
> That is not enough. Someone writing a PRECIS implementation *might* see
> that. Someone actually using the PRECIS implementation (eg. the author
> of an XMPP Client, Spotify, etc.) will most likely not see that. If
> they're lucky, the text will have been copied over into the
> implementations documentation. That's a lot of "if's".

Why would an application need to care about this? This is an internal
implementation detail of a PRECIS library/API, and IMHO it would be
irresponsible of the library/API author to offer an option for
application developers to select how many times to apply the rules.

>> Please note that these documents are now in AUTH48 (very final edits
>> before publication). So speak now or forever hold your peace!
> I brought this up earlier as well. I wanted to bring it up again because
> the Nickname profile is getting so close to being published again with
> something that I think is possibly a security concern and that needs to
> be fixed since we won't have this opportunity again.

Sam, I am going to reiterate that we are EXTREMELY close to publication
of this document - it could have happened on, say, Thursday morning
right before you posted to the list about this. Please please please
either propose very specific text or point to an earlier email message
where you did so, because personally I have forgotten if you already did
that and my recollection from the previous discussion was that you did
not raise objections to the compromise text that Bill Fisher and I
agreed on. If your proposal is that we make significant changes to the
document at this time, then the Working Group chair or Area Director
will likely have to suggest a path forward, because your feedback is
coming so very late in the process.