Re: [precis] Gen-art last call review of draft-ietf-precis-7613bis-07

Peter Saint-Andre - Filament <peter@filament.com> Mon, 26 June 2017 23:48 UTC

Return-Path: <peter@filament.com>
X-Original-To: precis@ietfa.amsl.com
Delivered-To: precis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 698F812EB7D for <precis@ietfa.amsl.com>; Mon, 26 Jun 2017 16:48:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=filament-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BIDxFBmXOtlm for <precis@ietfa.amsl.com>; Mon, 26 Jun 2017 16:48:38 -0700 (PDT)
Received: from mail-it0-x232.google.com (mail-it0-x232.google.com [IPv6:2607:f8b0:4001:c0b::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A1D3812EB88 for <precis@ietf.org>; Mon, 26 Jun 2017 16:48:36 -0700 (PDT)
Received: by mail-it0-x232.google.com with SMTP id m84so7361152ita.0 for <precis@ietf.org>; Mon, 26 Jun 2017 16:48:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=filament-com.20150623.gappssmtp.com; s=20150623; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=ctWzBz5Sa/qA5u2SfM2HjW4lPHM1PoJajvbDEgvqcRc=; b=ZF4U9AMSxJ05zRAhHbXNJbCgil7KJjrLKy1h0iYd23LM5/YvmLUl1eAg8vT2bFFXhC moEH4EoPvZvu8ktviT5vIva+7rupEI9m7cuIt1bcTIfMdB+35WGGsRVwxb1bygbPSinA Wy68BVcghl9RKXj4z2bQKQIIkhsP1QK2uWfFu8ImOpKjZyZi4Uv8SqyXcuF/efGNdJ0k cW/b3VoxNTyGYiMV1SffAV35widaGx5V2ermrKfx7GKWRFzD+nemBiuN7VS9+5NLyHtz P0C9OonU+dy6unYiBWNFU9UjfRnZ1FRlrjnjvlGxdwrI9I7YT5Rz/vLshCPtRzmjZ4c7 kphA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=ctWzBz5Sa/qA5u2SfM2HjW4lPHM1PoJajvbDEgvqcRc=; b=BcqDkS8eWqfHNF/ftnUW9tNJKTPV2a8oaMxU0yry2OHTZApMx0QQYAylfmwlkIcCa0 kV8dgtQ5XMaXcDNZH0wWhuBhiDKNIS0QZu28YDeze90Z1JZdF166ZEiqtzU6GMWZ9Gis BakLcPh2HcY7075dHZd4LYQCtVsPe71s+X7WLHrlqXJHaalh754684QJvqY3zBtUC70k tR/6zk75DGBsJjH+5OJnY/4EewC/QHtG7dDX/bM3el4HzCwEPy1m4rNdvo3DSY0n5QVu bWbzTNuNdeTXTgpOk2G33D2+fMcCrhol9vTFfKEb++12fUQPElZI2IRRMT0j1Unn3434 GwBw==
X-Gm-Message-State: AKS2vOz3AEfQEpwWIasT19iK46MAWOm9HWvlbgq1hFZ17uGi4ri3tZ+q HkUS9OL8SCZTsktw
X-Received: by 10.36.88.196 with SMTP id f187mr196964itb.86.1498520915867; Mon, 26 Jun 2017 16:48:35 -0700 (PDT)
Received: from aither.local ([2601:282:4202:67d3:50b:8144:6d4:65e9]) by smtp.gmail.com with ESMTPSA id e34sm796098ioj.62.2017.06.26.16.48.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 26 Jun 2017 16:48:35 -0700 (PDT)
To: Linda Dunbar <linda.dunbar@huawei.com>, "gen-art@ietf.org" <gen-art@ietf.org>
References: <4A95BA014132FF49AE685FAB4B9F17F6593D94F9@SJCEML702-CHM.china.huawei.com>
Cc: "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-precis-7613bis@ietf.org" <draft-ietf-precis-7613bis@ietf.org>, "precis@ietf.org" <precis@ietf.org>
From: Peter Saint-Andre - Filament <peter@filament.com>
Message-ID: <3feb4084-d038-9253-fc48-e739d846102f@filament.com>
Date: Mon, 26 Jun 2017 17:48:34 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <4A95BA014132FF49AE685FAB4B9F17F6593D94F9@SJCEML702-CHM.china.huawei.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/precis/Uh678U-HgmztlhWF73MKqJPvhQ4>
Subject: Re: [precis] Gen-art last call review of draft-ietf-precis-7613bis-07
X-BeenThere: precis@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Preparation and Comparison of Internationalized Strings <precis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/precis>, <mailto:precis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/precis/>
List-Post: <mailto:precis@ietf.org>
List-Help: <mailto:precis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/precis>, <mailto:precis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jun 2017 23:48:40 -0000

Hi Linda,

Thanks for your review. Comments inline.

On 6/26/17 4:53 PM, Linda Dunbar wrote:
>  
> Reviewer: Linda Dunbar
> Review result: Ready
>  
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed by the
> IESG for the IETF Chair.  Please treat these comments just like any
> other last call comments.
>  
> For more information, please see the FAQ at
>  
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
>  
> Document: draft-ietf-precis-7613bis
> Reviewer: Linda Dunbar
> Review Date: 2017-06-25
> IETF LC End Date: 2017-06-27
> IESG Telechat date: 2017-07-06
>  
> Summary:
> The document is written very clear. Even for a person who is not
> familiar with the App area, I can follow through the description. The
> document is ready for publication as standard track document Major issues:
>  
> One Minor issue:
>  
> Page 6 last paragraph has:
> /SASL mechanisms SHOULD delay any case////mapping to the last possible
> moment, such as when doing a lookup////by username, performing username
> comparisons, or generating a////cryptographic salt from a username (if
> the last possible moment////happens on the server, then decisions about
> case mapping can be a////matter of deployment policy). In keeping with
> [RFC4422], SASL////mechanisms are not to apply this or any other profile
> to////authorization identifiers, only to authentication identifiers./
>  
> What does "last possible moment" mean? When I read it, I thought it
> meant wait until you got all the characters. But the next sentence
> mentions "..happens on the server". How is the "server" related to the
> entity that check the user name & password? 

Many authentication decisions happen on an application server to which a
user-oriented client connects (think of an email client connecting to an
email server). By "last possible moment" we're referring to processing
within the application server or an authentication module thereof - for
instance, instead of performing case mapping on first receiving data
from the client (thus implying that the case information is lost through
most of the processing stages), it's better to lose that information
only at the very end. Do you feel it would it help to add a more
detailed description of the reasoning here?

Peter

-- 
Peter Saint-Andre
https://filament.com/