Re: [secdir] SECDIR Review of draft-ietf-repute-model-08
Donald Eastlake <d3e3e3@gmail.com> Sun, 08 September 2013 00:59 UTC
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sat, 07 Sep 2013 20:59:34 -0400
To: "Murray S. Kucherawy" <superuser@gmail.com>
Cc: draft-ietf-repute-model.all@tools.ietf.org, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] SECDIR Review of draft-ietf-repute-model-08

Hi Murray,

Thanks for the response. It looks good.

On Sat, Sep 7, 2013 at 5:57 PM, Murray S. Kucherawy <superuser@gmail.com> wrote:
> Hi Donald, thanks for your comments. Replies inline.
>
> On Tue, Sep 3, 2013 at 7:36 PM, Donald Eastlake <d3e3e3@gmail.com> wrote:
>>
>> Minor Problems:
>>
>> Section 1:
>> The last sentence of the first paragraph could be read to imply that
>> lack of authentication is the primary cause of spam. In this era of
>> botnets, I don't think that's true. Perhaps "... leads to spam,
>> phishing, and other attacks." should say "... makes spam, phishing,
>> and other attacks even easier than they would otherwise be." or
>> something like that.
>
>
> OK.
>
>> Section 4.1.1:
>> My guess is that the values of a "Rating" are floating point in the
>> range 0.0 to 1.0 but it doesn't actually say that... If so, why isn't
>> the example "1.0" said to indicate "exact agreement" or the like
>> instead of "strong agreement"? Would 2.0 indicate "very strong
>> agreement"?
>
>
> Right, the range is actually spelled out in the media-type document, where
> ABNF is provided. I'll add that here as well.
>
>>
>> Section 5:
>> This section seems in some ways like the heart of the document but
>> it also seems a bit blurry. Even at a high level, I would think that
>> there could be an explicit cardinality associated with these bullet
>> items. That is, it should say for each (or for all in the case it is
>> the same for all of them) if they can be omitted, whether or not they
>> must occur at least once, and if they can occur multiple times.
>
>
> I've added "at least the following data" since a basic response will include
> all of those. Additional values might be present in a response within a
> given application space. This is spelled out more normatively in the
> media-type document.
>
>>
>> Is "application context" the same as what quality is being rated? I
>> would think not. For example, couldn't the application be "restaurant
>> recommendation" and then couldn't there be, say, four ratings, one for
>> food quality, one for price, one for decor, and one for service? If
>> so, why isn't what the rating measures an additional bullet item or
>> part of the rating score item? On the other hand, the rating score
>> item says "overall rating score" implying there can only be one...
>
>
> In your hypothetical example, the application context would be "restaurant",
> and the assertions possible would be "food-quality", "price", "decor", and
> "service". A different rating would be returned for each of those, as
> requested by the client.
>
>>
>>
>> Section 6:
>> Suddenly, in this section, for the first time, we have the
>> capitalized word "Target". Why isn't this defined in Section 4 on
>> terminology and definitions? I suppose it means something like the
>> pair of identity of the entity being rated and the application
>> context?
>
>
> We don't use "Target" anywhere else, but rather use "subject", so I've
> changed it to that and de-capitalized all of them. There's no need to
> introduce a new term so late in the document.
>
>>
>> Trivia:
>>
>> Section 1:
>> In paragraph 3 the definition of "reputation" uses the word
>> "estimation" in an uncommon way that might confuse some readers. I
>> think it could use something like the word "esteem" instead. The word
>> "opinion" could also be used but would require minor corresponding
>> changes. This occurs within quoted text that looks like it is copied
>> from somewhere else. If so, shouldn't that source be referenced?
>
>
> I got it from a dictionary, namely
> http://dictionary.reference.com/browse/reputation. It looks like that's
> based on the 2013 Random House dictionary. I'll add a citation.
>
>> Section 3:
>> The Figure 1 footer should be on the same page as the figure.
>
>
> Is there a way to force that in xml2rfc?

I don't know. I use nroff where it is simple to do such things.

>> Section 4.1:
>> In the last sentence of the 2nd paragraph at the end of page 7, I
>> would strongly prefer "specify" to "define" but that might be a
>> personal quirk.
>
>
> Done.

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com

> Thanks again,
>
> -MSK