[saag] AD Review of draft-eastlake-rfc6931bis-xmlsec-uris-17

Roman Danyliw <rdd@cert.org> Sun, 07 November 2021 16:34 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/MQffU2ntJEHhKPU-bJ-pdlVmNqc>

Hi!

I performed an AD review on draft-eastlake-rfc6931bis-xmlsec-uris-17.  As this document is AD-sponsored, I would also appreciate additional reviewers either now or when the document enters IETF LC.  My feedback is below:

** I checked all of the new URIs listed in the document.  Generally, they returned a page saying that these identifiers are reserved and pointed back to this document.  The following URIs demonstrated different behavior.  Is this expected or a sign that further coordination with W3C is required?

-- Returns a 404:
http://www.w3.org/2021/04/xmldsg-more#siphash-2-4

-- Returns a generic page on namespaces (but I'll note that these URIs are also already defined in [GENERIC], aka https://www.w3.org/TR/xmlsec-generic-hybrid/):

http://www.w3.org/2010/xmlsec-ghc#rsaes-kem
http://www.w3.org/2010/xmlsec-ghc#ecies-kem

** Editorial.  Why do only some of the algorithms have examples?  For example, in the original RFC6931 text, Section 2.1.3 (SHA-384) has one, but Section 2.1.4 (Whirlpool) does not.  Section 2.1.5 (SHA3) was originally in RFC6931 and in this bis got an example (for SHA3-224).  Of the newly added algorithms, Section 2.2.4 (Poly1305), 2.2.5 (SipHash-2-4), 2.2.6 (XMSS), 2.6.7 (ChaCha20) didn't get examples (not an exhaustive list), but Section 2.3.12 (Edwards-Curve) and Section 2.6.8 (ChaCha20+Poly1305) did.

** Abstract.  Editorial.

OLD
   This document updates and corrects the IANA registry for the list of
   URIs intended for use with XML digital signatures, encryption,
   canonicalization, and key management.  These URIs identify algorithms
   and types of information.  

NEW
This document updates and corrects the IANA "XML Security URIs" registry that lists the URIs intended for use with XML digital signatures, encryption, canonicalization, and key management.  These URIs identify algorithms and their associated type information.  

** Section 1.  Typo. s/has has/has/

** Section 1.  Typo. s/elemets/elements/

** Section 2.  This section discusses the namespace change from #xmldsig to #xmldsig-more.  It seems like an introduction of #xmlsec-ghc should also be added here.

** Section 2.2.3. Editorial.  s/is here used/is used here/

** Section 2.2.4.  Typo in the identifier URI:

OLD
http://www.w3.org/2021/04/xml6dsig-more#poly1305
NEW
http://www.w3.org/2021/04/xmldsig-more#poly1305

** Section 2.2.6.  Is there a reason there isn't more narrative text pointing out the different variants of XMSS, the same way that Sections 2.1.5 or 2.2.2 do?

** Section 2.6.4.  This is a comment on the original text from RFC6931 copied into this document.  Why doesn't the full namespace from the "identifiers" list match the example for #psec-kem?  The former says "xmldsig-more#psec-kem" but the example says "xmlenc#psec-kem".

** Section 2.6.7.  Typo. s/repreented/represented/

** Section 2.6.7.  Typo. s/nexted/nested/

** Section 2.7.2.  Typo. s/specificed/specified/

** Section 2.7.2.  Typo.  In the example:
OLD
/AgreementMethod>

NEW
</AgreementMethod>

** Section 4.2.  Typo in the fragment name of the table (used to update the IANA registry).

OLD
2021/04/xmldsig-more#po1305              

NEW
2021/04/xmldsig-more#po1y305              

** Section 5.1
   The W3C has assigned "http://www.w3.org/2021/04/xmldsig-more#" for
   additional new URIs specified in this document.

"xmlsec-ghc#" is also used.  Perhaps we should ls

** Section 5.2.  Why loosen the registration procedure from specification required to expert review?  The documentation requirement seems nearly equivalent to "specification required".  Given how little churn this gets (especially in new Types), what would be the circumstances where the rigor of a W3C or IETF wouldn't be appropriate?

Regards,
Roman
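The review above finds three kinds of defects by hand: a misspelled namespace in an identifier URI (Section 2.2.4), an example whose Algorithm attribute uses a different namespace than the identifier list (Section 2.6.4), and an XML example that is not well-formed (Section 2.7.2). As an added example, not code from the review, the draft, or the W3C, here is a small Python linter that catches those three classes mechanically; the set of accepted namespaces is assumed to be the RFC 6931 namespaces plus the 2021/04 xmldsig-more and 2010 xmlsec-ghc ones named in the review, and the inputs in `main` are constructed to mirror the findings.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urldefrag

# Namespaces an XML Security URI is expected to live under. The 2021/04 and
# xmlsec-ghc ones are named in the review; the rest are the RFC 6931
# namespaces (assumed here to be the full set a linter should accept).
KNOWN_NAMESPACES = {
    "http://www.w3.org/2000/09/xmldsig#",
    "http://www.w3.org/2001/04/xmlenc#",
    "http://www.w3.org/2001/04/xmldsig-more#",
    "http://www.w3.org/2007/05/xmldsig-more#",
    "http://www.w3.org/2009/xmldsig11#",
    "http://www.w3.org/2009/xmlenc11#",
    "http://www.w3.org/2010/xmlsec-ghc#",
    "http://www.w3.org/2021/04/xmldsig-more#",
}
FRAGMENT_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def check_uri(uri):
    """Return the problems found in one identifier URI (empty list if none)."""
    base, fragment = urldefrag(uri)
    problems = []
    if base + "#" not in KNOWN_NAMESPACES:
        problems.append("unknown namespace: " + base + "#")
    if not fragment:
        problems.append("missing fragment")
    elif not FRAGMENT_RE.match(fragment):
        problems.append("unexpected characters in fragment: " + fragment)
    return problems


def mismatched_algorithms(identifier_uri, example_xml):
    """Return every Algorithm attribute in an XML example that differs from
    the identifier list's URI; None if the example is not well-formed XML."""
    try:
        root = ET.fromstring(example_xml)
    except ET.ParseError:
        return None  # e.g. a closing tag written as /AgreementMethod>
    found = [el.get("Algorithm") for el in root.iter() if el.get("Algorithm")]
    return [u for u in found if u != identifier_uri]


if __name__ == "__main__":
    # Constructed inputs modelled on the review's Section 2.2.4 and 2.7.2 findings.
    print(check_uri("http://www.w3.org/2021/04/xml6dsig-more#poly1305"))
    kem = "http://www.w3.org/2001/04/xmldsig-more#psec-kem"
    print(mismatched_algorithms(kem, '<AgreementMethod Algorithm="%s">'
                                     '/AgreementMethod>' % kem))
```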