Re: [secdir] SECDIR Review of draft-ietf-repute-model-08

"Murray S. Kucherawy" <superuser@gmail.com> Sat, 07 September 2013 21:57 UTC

In-Reply-To: <CAF4+nEGS6e=YVjRu5gfixyEsLku0sfU88N=zaonG0bACDxNrFQ@mail.gmail.com>
References: <CAF4+nEGS6e=YVjRu5gfixyEsLku0sfU88N=zaonG0bACDxNrFQ@mail.gmail.com>
Date: Sat, 07 Sep 2013 14:57:36 -0700
Message-ID: <CAL0qLwZVPccRg3qMajpzhNJySeX9uLMdE9utCdVN+4sPtWSGng@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
To: Donald Eastlake <d3e3e3@gmail.com>
Cc: draft-ietf-repute-model.all@tools.ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] SECDIR Review of draft-ietf-repute-model-08

Hi Donald, thanks for your comments.  Replies inline.

On Tue, Sep 3, 2013 at 7:36 PM, Donald Eastlake <d3e3e3@gmail.com> wrote:

> Minor Problems:
>
> Section 1:
>   The last sentence of the first paragraph could be read to imply that
> lack of authentication is the primary cause of spam. In this era of
> botnets, I don't think that's true. Perhaps "... leads to spam,
> phishing, and other attacks." should say "... makes spam, phishing,
> and other attacks even easier than they would otherwise be." or
> something like that.
>

OK.

> Section 4.1.1:
>   My guess is that the values of a "Rating" are floating point in the
> range 0.0 to 1.0 but it doesn't actually say that... If so, why isn't
> the example "1.0" said to indicate "exact agreement" or the like
> instead of "strong agreement"? Would 2.0 indicate "very strong
> agreement"?
>

Right, the range is actually spelled out in the media-type document, where
ABNF is provided.  I'll add that here as well.


> Section 5:
>   This section seems in some ways like the heart of the document but
> it also seems a bit blurry. Even at a high level, I would think that
> there could be an explicit cardinality associated with these bullet
> items. That is, it should say for each (or for all in the case it is
> the same for all of them) if they can be omitted, whether or not they
> must occur at least once, and if they can occur multiple times.
>

I've added "at least the following data" since a basic response will
include all of those.  Additional values might be present in a response
within a given application space.  This is spelled out more normatively in
the media-type document.


>   Is "application context" the same as what quality is being rated? I
> would think not. For example, couldn't the application be "restaurant
> recommendation" and then couldn't there be, say, four ratings, one for
> food quality, one for price, one for decor, and one for service? If
> so, why isn't what the rating measures an additional bullet item or
> part of the rating score item? On the other hand, the rating score
> item says "overall rating score" implying there can only be one...
>

In your hypothetical example, the application context would be
"restaurant", and the assertions possible would be "food-quality", "price",
"decor", and "service".  A different rating would be returned for each of
those, as requested by the client.


>
> Section 6:
>   Suddenly, in this section, for the first time, we have the
> capitalized word "Target". Why isn't this defined in Section 4 on
> terminology and definitions? I suppose it means something like the
> pair of identity of the entity being rated and the application
> context?
>

We don't use "Target" anywhere else, but rather use "subject", so I've
changed it to that and de-capitalized all of them.  There's no need to
introduce a new term so late in the document.


> Trivia:
>
> Section 1:
>   In paragraph 3 the definition of "reputation" uses the word
> "estimation" in an uncommon way that might confuse some readers. I
> think it could use something like the word "esteem" instead. The word
> "opinion" could also be used but would require minor corresponding
> changes. This occurs within quoted text that looks like it is copied
> from somewhere else. If so, shouldn't that source be referenced?
>

I got it from a dictionary, namely
http://dictionary.reference.com/browse/reputation. It looks like that's
based on the 2013 Random House dictionary.  I'll add a citation.


>
> Section 3:
>   The Figure 1 footer should be on the same page as the figure.
>

Is there a way to force that in xml2rfc?


>
> Section 4.1:
>   In the last sentence of the 2nd paragraph at the end of page 7, I
> would strongly prefer "specify" to "define" but that might be a
> personal quirk.
>

Done.

Thanks again,

-MSK
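The data model discussed in this thread (an application context such as "restaurant", a rated subject, one rating per assertion the client asked for, and a rating value confined to the range 0.0 to 1.0) can be checked on the consuming side before any rating is trusted. The following is an added example and is not code from the draft, the media-type document, or this thread; the JSON field names (application, subject, ratings, assertion, rating) and the sample responses are constructed assumptions for illustration only, not the normative wire format.

```python
"""Added example: a defensive validator for reputation responses.

Assumptions (constructed for this example, not taken from the draft):
- A response carries an application context, the rated subject, and a
  list with one entry per assertion the client requested.
- The JSON field names used here are illustrative placeholders; the
  normative names and ABNF live in the media-type document.
- A rating is a number in the closed range 0.0 .. 1.0, as the thread
  states; anything else (e.g. 2.0) is rejected rather than clamped.
"""
from __future__ import annotations

import json
import math
from dataclasses import dataclass


class ReputationError(ValueError):
    """Raised when a response does not match what the client asked for."""


@dataclass(frozen=True)
class Rating:
    application: str
    subject: str
    assertion: str
    rating: float


def _check_rating(value: object) -> float:
    # Reject bool (a subclass of int), non-numbers, NaN/inf and out-of-range
    # values; a consumer must not silently clamp an out-of-range score.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise ReputationError(f"rating must be numeric, got {value!r}")
    r = float(value)
    if math.isnan(r) or math.isinf(r) or not 0.0 <= r <= 1.0:
        raise ReputationError(f"rating {r!r} is outside 0.0..1.0")
    return r


def parse_response(doc: str, application: str, subject: str,
                   requested: set[str]) -> dict[str, Rating]:
    """Parse a JSON response and return {assertion: Rating}.

    The response must be for the expected application context and subject,
    and must contain exactly one rating for each requested assertion.
    """
    try:
        data = json.loads(doc)
    except json.JSONDecodeError as exc:
        raise ReputationError(f"malformed JSON: {exc}") from None
    if not isinstance(data, dict) or data.get("application") != application:
        raise ReputationError("application context mismatch")
    if data.get("subject") != subject:
        raise ReputationError("subject mismatch")
    entries = data.get("ratings")
    if not isinstance(entries, list) or not entries:
        raise ReputationError("response must carry at least one rating")
    out: dict[str, Rating] = {}
    for entry in entries:
        if not isinstance(entry, dict):
            raise ReputationError("each rating must be an object")
        assertion = entry.get("assertion")
        if assertion not in requested:
            raise ReputationError(f"unrequested assertion {assertion!r}")
        if assertion in out:
            raise ReputationError(f"duplicate assertion {assertion!r}")
        out[assertion] = Rating(application, subject, assertion,
                                _check_rating(entry.get("rating")))
    missing = requested - out.keys()
    if missing:
        raise ReputationError(f"missing assertions: {sorted(missing)}")
    return out


def rejects(doc: str, application: str, subject: str,
            requested: set[str]) -> bool:
    """True if the validator refuses the response, False if it accepts it."""
    try:
        parse_response(doc, application, subject, requested)
    except ReputationError:
        return True
    return False


# Constructed sample input, following the restaurant example in the thread.
REQUESTED = {"food-quality", "price", "decor", "service"}
GOOD_RESPONSE = json.dumps({
    "application": "restaurant", "subject": "example-bistro",
    "ratings": [{"assertion": "food-quality", "rating": 1.0},
                {"assertion": "price", "rating": 0.4},
                {"assertion": "decor", "rating": 0.75},
                {"assertion": "service", "rating": 0.0}]})
# Same shape, but one score is 2.0: "very strong agreement" is not a thing.
BAD_RANGE_RESPONSE = GOOD_RESPONSE.replace('"rating": 1.0', '"rating": 2.0')
# A response that answers only one of the four requested assertions.
INCOMPLETE_RESPONSE = json.dumps({
    "application": "restaurant", "subject": "example-bistro",
    "ratings": [{"assertion": "price", "rating": 0.4}]})

if __name__ == "__main__":
    for a, r in sorted(parse_response(GOOD_RESPONSE, "restaurant",
                                      "example-bistro", REQUESTED).items()):
        print(f"{a:13s} {r.rating:.2f}")
    print("2.0 rejected:", rejects(BAD_RANGE_RESPONSE, "restaurant",
                                   "example-bistro", REQUESTED))
```

The validator deliberately fails closed: an unrequested assertion, a duplicate, a missing one, a response for a different application context or subject, or a score outside 0.0..1.0 all cause the whole response to be discarded rather than partially used.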