Re: [secdir] Secdir last call review of draft-ietf-sipcore-sip-token-authnz-12

Christer Holmberg <christer.holmberg@ericsson.com> Wed, 15 April 2020 07:58 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Derrell Piper <ddp@electric-loft.org>, "secdir@ietf.org" <secdir@ietf.org>
CC: "draft-ietf-sipcore-sip-token-authnz.all@ietf.org" <draft-ietf-sipcore-sip-token-authnz.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "sipcore@ietf.org" <sipcore@ietf.org>
Date: Wed, 15 Apr 2020 07:58:01 +0000
Message-ID: <5BABF46F-6BF2-4296-B035-099BF57E0EBE@ericsson.com>
References: <158689842488.27716.15541584374764439587@ietfa.amsl.com>
In-Reply-To: <158689842488.27716.15541584374764439587@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/3IYGIzOYFfKCO64IzCPiBxgQm8A>
Subject: Re: [secdir] Secdir last call review of draft-ietf-sipcore-sip-token-authnz-12

Hi Derrell,

Thank you for the review! Please see inline.

>    pp. 3, 1., nit
>
>    "...enables the single-sign-on features, which allows the user to..."
>
>    "...enables single sign-on, which allows the user to..."

We can fix as suggested.

---

>    pp. 5, last sentence
>
>    "previously" means "from the out-of-scope mechanism", just say that.

I think that sounds a little "clumsy" to repeat it. Would it work if we said "obtained in the step above", or something like that?

---

>    pp. 7, 2.1.1
>
>    "(or with invalid credentials)"
>
>    Why continue when a UAC presents invalid credentials?  [See below.]
>
>    pp. 8, 2.1.3
>
>    2.1.1 says if you get invalid credentials to go REGISTER, and here in
>    REGISTER, it says if you get invalid credentials, go to 2.1.1.  This
>    seems recursive though I'm assuming this ultimately terminates when all
>    the schemes are exhausted without success.

Section 2.1.1 defines generic procedures, while section 2.1.3 defines the procedures specific for the REGISTER request.

Regards,

Christer