[regext] Roman Danyliw's Discuss on draft-ietf-regext-login-security-07: (with DISCUSS and COMMENT)
Roman Danyliw via Datatracker <noreply@ietf.org> Wed, 22 January 2020 17:51 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: regext@ietf.org
Delivered-To: regext@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 76B75120639; Wed, 22 Jan 2020 09:51:59 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-regext-login-security@ietf.org, Joseph Yee <jyee@afilias.info>, regext-chairs@ietf.org, jyee@afilias.info, regext@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.116.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <157971551947.12241.8926230433846451051.idtracker@ietfa.amsl.com>
Date: Wed, 22 Jan 2020 09:51:59 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/07BW0UydIBtrZA9cTrMXz5bDUl8>
Subject: [regext] Roman Danyliw's Discuss on draft-ietf-regext-login-security-07: (with DISCUSS and COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jan 2020 17:52:00 -0000
Roman Danyliw has entered the following ballot position for draft-ietf-regext-login-security-07: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-regext-login-security/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- ** Section 3.1. When @type=”stat” and the name of the stat is set in @name, how does a client know the semantics of this stat? Is that negotiated out of band? ** Section 4.1. Per <loginSec:userAgent>, how are the clients supposed to generate the app, tech or os strings in a way that the server will understand? If this is out of scope, please just say so. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I support Alissa Cooper’s DISCUSS position. ** Section 3.1. Is a @value required when @type=”cipher” or @type=”tlsProtocol”? The examples in Section 4 show the use of @value. Also, what format should be used to express the cipher or tlsProtocol? ** Section 3.1. Per the description of event@lang, please cite the language format as coming from Section 3.4.3[W3C.REC-xmlschema-2-20041028] ** Section 4.1. Per the children of <loginSec:userAgent>, would supporting a more formal approach also be useful -- using SWID (ISO/IEC 19770-2:2015) or COSWID (draft-ietf-sacm-coswid)? ** Section 4.1. Per pw and newPW’s descriptions of “all internal continuous whitepaces … is replaced with a single #x20” – is this intentionally precluding a password with a double space? ** Section 4.1. Per “If non-ASCII characters are supported with the plain text password, then use a standard for passwords with international characters, such as the OpaqueString PRECIS profile in [RFC8265].”, if non-ASCII characters are supported, how does a client know which approach to take with a given server in an interoperable. RFC8265 is a helpful reference but the current text seems to provide no guidance. ** Section 5. Please note in the Section 5 introduction that the blob between the BEGIN and END tags in Section 5.1 are formally specified by XML Schema. ** Section 8. Please note that the Security Considerations of RFC5730 apply and that this document enhances these security services. ** Editorial Nits -- Section 1. Typo. s/pssword/password/
- [regext] Roman Danyliw's Discuss on draft-ietf-re… Roman Danyliw via Datatracker
- Re: [regext] Roman Danyliw's Discuss on draft-iet… Gould, James
- Re: [regext] Roman Danyliw's Discuss on draft-iet… Roman Danyliw
- Re: [regext] Roman Danyliw's Discuss on draft-iet… Gould, James
- Re: [regext] Roman Danyliw's Discuss on draft-iet… Gould, James
- Re: [regext] Roman Danyliw's Discuss on draft-iet… Alexey Melnikov