IETF Logo Mail Archive

Re: [regext] Document Shepherd Write Up of Login-Security

"Gould, James" <jgould@verisign.com> Tue, 24 September 2019 21:00 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFCAB1200DB for <regext@ietfa.amsl.com>; Tue, 24 Sep 2019 14:00:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SRQJ_USMAr76 for <regext@ietfa.amsl.com>; Tue, 24 Sep 2019 14:00:41 -0700 (PDT)
Received: from mail6.verisign.com (mail6.verisign.com [69.58.187.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE60E120903 for <regext@ietf.org>; Tue, 24 Sep 2019 14:00:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=28944; q=dns/txt; s=VRSN; t=1569358840; h=from:to:date:message-id:references:in-reply-to: mime-version:subject; bh=Sv4Me4UosWLLIyv6wXniVFYOwJugrqhdERco+flfW80=; b=UrvmjjfXfYpAamDAF/nClHRNQPSbZ4xNGDX/QSJsLiZPJIerQkfyA6o5 gHvFTwzGNK9ybv6+YAAWd54ArV+9el4kfR4W+qXugeSV/nShO3zTeM/Ks Kyc24ZLHFz3kK861FNmBBnzQcwQAdZ+d5VA3dauzS+Hvj3c/VSL3g8mL9 6gmwdPVSXqUm6tDtoQEKxaH3Hdf2ZnrLaYMOlODY9o1Agbcbkakp6iBed J3NohiHxXgx0XaZXA6V0zfcgeZJLvC7bmW73dP5M2iw6QcngaybV6DRY1 sxe+Gs6nefA63MqOxvkx4kp7HFJgChrwnD4TgZYhmU6LYFFEYv4DvhmPG w==;
X-IronPort-AV: E=Sophos;i="5.64,545,1559534400"; d="png'150?scan'150,208,217,150";a="8443188"
IronPort-PHdr: 9a23:UgCrrhOOcBrR48JWaigl6mtUPXoX/o7sNwtQ0KIMzox0K/z7r8bcNUDSrc9gkEXOFd2Cra4d0KyN6+u5BDBIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSizexfL1/IA+4oAnNucUanItvJ6kswRbVv3VEfPhby3l1LlyJhRb84cmw/J9n8ytOvv8q6tBNX6bncakmVLJUFDspPXw7683trhnDUBCA5mAAXWUMkxpHGBbK4RfnVZrsqCT6t+592C6HPc3qSL0/RDqv47t3RBLulSwKLCAy/n3JhcNsjaJbuBOhqAJ5w47Ie4GeKf5ycrrAcd8GWWZNW8BcXDFDDIyhdYsCF+oPM/hFoYnhqVUArhW+CguiC+Pu1jBHiWT73bcm3+QkCwzKwBYtEtAIvX/JrNv1LqASUeWtwaXGzDvDaO5W2TPg54TQbxsvpeuDXbdufsrKx0UkCgTIjlefqYziIjOV0vkCvnOF7+V+T+KvinUnqwB+ojip3Msjlo7JhocMx13C6C53zoE1JdiiR056Z96pCIVQuD+AN4t3WcMiQm5ouCA7yr0ApZG3ZjQFyJMixxLHavyIbZSI4hz5WOaWOzd4i3Roc6+8iRaq6UWs1/HwWtOp3FtIoCdJiMTAu3AD2hDJ5cWKSeNx8lq91TqVygze6P1ILVopmafUKJMt2KM8m5kLvUTNACD7m1n6gaqTe0o++eWl7//ob7Doq5OCKoB5iwTzPb8ql8G+A+k1NwYDUmaZ9Ouh0rDo4Ff3T69QjvIsl6nUqJXaJcMGqaGnGwJVyYMj6wqnDzehzdQYgWELLFJbdxKDiIjkI0zDLuzgA/uig1uiiDhlyPHaMrH8GJnNMGTMkLD7fbZl8UJT0hc8wcpB55JOEbEBJuj/VVP2tNzdFhM5Mgq0zPj7CNhly48SRXiDDrKbPa7cq1OE++IiLueWaIIauzvxM/0l6OTvjX89l18dZ66p3Z4PZXC6EfRmJFiZYX7xjdoaD2cFoBA+TO3xiF2DXj5TYWy+UL475jE+EI6mF5vMRpixgLyd2ye2Bp9WZ2BYBV+SCnrnbYuEW/YIaCKTOMBhiSYIVbmnS48v0hGkrBX6xKZ/LurI5i0Ysoru1MJr6O3cix4z+iB0At+c026TU2F0kHkERzgs3KBw8gRBzQKh1rN1m/wQJNFer6dLQwo3HZfSzuh7Asu0WwTPeYHNAEyrTdi2HXllVN8+zs8SS0dwB9vkiQrMiXmEGbgQwvakA4Ew/uaU/XH0Kt03gyLE2648i1UOXMZVNHaniag5/A/WUd2a236FnrqnIPxPlBXG832OmC/X5BlV
X-IPAS-Result: A2EHAADggopd/zCZrQphAxoBAQEBAQIBAQEBDAIBAQEBgVQEAQEBAQsBgRuBb4EvCoQYjl6CQIMKY5U1gT8XJQkBAQEBAQEBAQEDAQMBJQoBAQKEPQIXgy41CA4CDAEBAQQBAQEBAQUDAQEBAoYWDII6KQFhLwkBMgEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQUCCAc0GQc1EgEBGAEBAQEDBQEdAggBWwIBCA4DAwECBgEBAQ4BEwICAgUQAQ4MHQgCBAERAQYIgxQBghmtRXOBMoQ3ARNBQIRyEIE0AYwhgUE+gREnH4FOUC4+gmECAwGBRy0JASYBAoJBMoIEIgSPVoUpJGyNJIJhhngDB4IihW8BgRWFFIMWboUIgyiVfYxrgS+HHnWRAgIEAgQFAhWBVAOCDHAVZQGCDQEzCUcQFIFaF4NPhRSFP3MJAwElih8NHoEEgSMBAQ
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Tue, 24 Sep 2019 17:00:36 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%5]) with mapi id 15.01.1779.002; Tue, 24 Sep 2019 17:00:36 -0400
From: "Gould, James" <jgould@verisign.com>
To: Joseph Yee <jyee@afilias.info>, regext <regext@ietf.org>
Thread-Topic: [EXTERNAL] [regext] Document Shepherd Write Up of Login-Security
Thread-Index: AQHVcwuabWW/vqzpvkahWO2H4BUFNKc7UCQA
Date: Tue, 24 Sep 2019 21:00:36 +0000
Message-ID: <80680E0B-2ECB-47E1-B248-ED236F100A47@verisign.com>
References: <CAF1dMVH5W_dA_0jJaK9OceSGcwek6y-GnaGRyFqnQdWbtoAGAQ@mail.gmail.com>
In-Reply-To: <CAF1dMVH5W_dA_0jJaK9OceSGcwek6y-GnaGRyFqnQdWbtoAGAQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.e.190909
x-originating-ip: [10.170.148.18]
Content-Type: multipart/related; boundary="_004_80680E0B2ECB47E1B248ED236F100A47verisigncom_"; type="multipart/alternative"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/WInv0WAIksgs8ROzYiWjWJsSuac>
Subject: Re: [regext] Document Shepherd Write Up of Login-Security
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Sep 2019 21:00:44 -0000

Joseph,

Thank you for performing the document shepherd review and creating the writeup.  You brought up 2 points in your comments, that I provide thoughts on below:


  1.  Section 3.1 - the paragraph that specifies when “name” must be mandatory.  The text needs more work to be precise. The current text only specifies “name” is required when “type”==“custom”, where “name” is mandatory too when “type”==“stat”.
     *   When the “type” is “stat”, then the use of the “name” is mandatory to define the “stat” sub-type, per the definition of the “stat” type and the definition of the “name” attribute.  I include both below for reference:

                                                              i.      "stat":  Provides a login security statistical warning that MUST set the "name" attribute to the name of the statistic.

           *   How about updating this description to highlight that the “name” is used to define the statistic sub-type, such as “Provides a login security statistical warning that MUST set the "name" attribute to the name of the statistic sub-type.”?  When using the “stat” type, the use of the sub-type is required by using the “name” attribute.

                                                            ii.      "name":  Used to define a sub-type when the "type" attribute is not "custom" or the full type name when the "type" attribute is "custom".

           *   This description is accurate for the “stat” type, since the “name” attribute is used to define the sub-type.
  1.  In Section 4.1, <loginSec:userAgent> specifies that one of the child element must be included if the request contained <loginSec:userAgent>.  In the Formal Syntax section, the XML does not enforce it.  If the XML syntax uses what XML Schema offers, then editors should check on <choice> element.
     *   I’m unaware of a clean method to enforce having at least one of the sub-elements (app, tech, and os) via the XML schema, since there can be one to three of the elements that is not well suited for the use of a <choice>.  We need to ensure that there are no duplicates and maintaining the order would be preferred.  Do you or anyone else have a proposal that can be used?  My recommendation is to keep the XML schema as is and to have the server validate the existence of at least one sub-element after the XML parser, per the language of the specification.
Thanks,

--

JG

[cid:image001.png@01D255E2.EB933A30]

James Gould
Distinguished Engineer
jgould@Verisign.com<applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com<http://verisigninc.com/>

From: regext <regext-bounces@ietf.org> on behalf of Joseph Yee <jyee@afilias.info>
Date: Tuesday, September 24, 2019 at 3:09 PM
To: regext <regext@ietf.org>
Subject: [EXTERNAL] [regext] Document Shepherd Write Up of Login-Security

All,

I had uploaded the document shepherd write up of login-security and available at the link below for your reference:

https://datatracker.ietf.org/doc/draft-ietf-regext-login-security/shepherdwriteup/

Best,
Joseph

v2.23.0 | Report a Bug | By Email