Re: [regext] Document Shepherd Write Up of Login-Security

Joseph Yee <jyee@afilias.info> Wed, 25 September 2019 20:31 UTC

To: "Gould, James" <jgould@verisign.com>
Cc: regext <regext@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/9K1f9uu6qFBmNr77mmkcimZ5SpA>

Hi Jim and all,

comments inline

On Tue, Sep 24, 2019 at 5:01 PM Gould, James <jgould@verisign.com> wrote:

> Joseph,
>
>
>
> Thank you for performing the document shepherd review and creating the
> writeup.  You brought up 2 points in your comments, that I provide thoughts
> on below:
>
>
>
>    1. Section 3.1 - the paragraph that specifies when “name” must be
>    mandatory.  The text needs more work to be precise. The current text only
>    specifies “name” is required when “type”==“custom”, where “name” is
>    mandatory too when “type”==“stat”.
>       1. When the “type” is “stat”, then the use of the “name” is
>       mandatory to define the “stat” sub-type, per the definition of the “stat”
>       type and the definition of the “name” attribute.  I include both below for
>       reference:
>
>          i. "stat": Provides a login security statistical warning that
>          MUST set the "name" attribute to the name of the statistic.
>
>    1. How about updating this description to highlight that the “name” is
>             used to define the statistic sub-type, such as “Provides a login security
>             statistical warning that MUST set the "name" attribute to the name of the
>             statistic *sub-type*.”?  When using the “stat” type, the use
>             of the sub-type is required by using the “name” attribute.
>
>          ii. "name": Used to define a sub-type when the "type" attribute is
>          not "custom" or the full type name when the "type" attribute is
>          "custom".
>
>    1. This description is accurate for the “stat” type, since the “name”
>             attribute is used to define the sub-type.
>
>
I have a bit of a hard time reading your comment due to the numbering. As
long as the description "name" paragraph in some way specifies that
both "stat" and "custom" MUST define "name" it will be fine IMHO.



>
>    1.
>          1. In Section 4.1, <loginSec:userAgent> specifies that one of
>    the child element must be included if the request contained
>    <loginSec:userAgent>.  In the Formal Syntax section, the XML does not
>    enforce it.  If the XML syntax uses what XML Schema offers, then editors
>    should check on <choice> element.
>       1. I’m unaware of a clean method to enforce having at least one of
>       the sub-elements (app, tech, and os) via the XML schema, since there can be
>       one to three of the elements that is not well suited for the use of a
>       <choice>.  We need to ensure that there are no duplicates and maintaining
>       the order would be preferred.  Do you or anyone else have a proposal that
>       can be used?  My recommendation is to keep the XML schema as is and to have
>       the server validate the existence of at least one sub-element after the XML
>       parser, per the language of the specification.
>
>
The original schema can maintain order, but can't maintain the presence.

The following could work (in XML schema, <choice> can contain <sequence>,
not just <element>, I haven't built any code to confirm it):

***
<choice>
  <sequence>
    <element name="app" />
    <element name="tech" minOccurs="0"  />
    <element name="os" minOccurs="0" />
  </sequence>
  <sequence>
    <element name="tech" />
    <element name="os" minOccurs="0" />
  </sequence>
  <element name="os" />
</choice>
***

Best,
Joseph



>
> Thanks,
>
>
>
> --
>
>
>
> JG
>
>
>
>
> *James Gould *Distinguished Engineer
> jgould@Verisign.com
>
> 703-948-3271
> 12061 Bluemont Way
> Reston, VA 20190
>
> Verisign.com <http://verisigninc.com/>
>
>
>
> *From: *regext <regext-bounces@ietf.org> on behalf of Joseph Yee <
> jyee@afilias.info>
> *Date: *Tuesday, September 24, 2019 at 3:09 PM
> *To: *regext <regext@ietf.org>
> *Subject: *[EXTERNAL] [regext] Document Shepherd Write Up of
> Login-Security
>
>
>
> All,
>
>
>
> I had uploaded the document shepherd write up of login-security and
> available at the link below for your reference:
>
>
>
>
> https://datatracker.ietf.org/doc/draft-ietf-regext-login-security/shepherdwriteup/
>
>
>
> Best,
>
> Joseph
>
>
>
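
Added example, not part of the original message or of the draft's schema: a small Python check of the two content models discussed in the reply above, enumerating every child sequence of up to four elements to see which ones each model accepts. The tuple encoding and the function names are assumptions made for this example; it models only element order and occurrence (maxOccurs fixed at 1), not types or namespaces.

```python
from itertools import product

# Content models as nested tuples (encoding constructed for this example):
#   ("el", name, min_occurs)   one element, maxOccurs fixed at 1
#   ("seq", [particles])       xsd:sequence
#   ("choice", [particles])    xsd:choice
def el(name, min_occurs=1):
    return ("el", name, min_occurs)

# All-optional sequence: keeps order, but does not require any child.
ORIGINAL = ("seq", [el("app", 0), el("tech", 0), el("os", 0)])

# The <choice> of <sequence>s proposed in the reply.
PROPOSED = ("choice", [
    ("seq", [el("app"), el("tech", 0), el("os", 0)]),
    ("seq", [el("tech"), el("os", 0)]),
    el("os"),
])

def ends(model, children, i):
    """Return every index at which `model` can finish matching children[i:]."""
    kind = model[0]
    if kind == "el":
        _, name, min_occurs = model
        out = {i} if min_occurs == 0 else set()   # optional: may match nothing
        if i < len(children) and children[i] == name:
            out.add(i + 1)
        return out
    if kind == "choice":
        return set().union(*(ends(p, children, i) for p in model[1]))
    positions = {i}                               # "seq": thread positions through
    for particle in model[1]:
        positions = set().union(*(ends(particle, children, p) for p in positions))
    return positions

def accepts(model, children):
    """True when the model consumes the whole child list."""
    return len(children) in ends(model, children, 0)

def accepted_language(model, max_len=4):
    """Every child sequence of length <= max_len that the model accepts."""
    names = ("app", "tech", "os")
    return {c for n in range(max_len + 1)
            for c in product(names, repeat=n) if accepts(model, c)}

# The seven ordered, duplicate-free, non-empty combinations of app/tech/os.
EXPECTED = {("app",), ("tech",), ("os",), ("app", "tech"), ("app", "os"),
            ("tech", "os"), ("app", "tech", "os")}
```

The all-optional sequence accepts the seven expected combinations plus the empty child list, which is the case the server-side check would otherwise have to catch; the proposed `<choice>` accepts exactly the seven.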