Re: [secdir] Secdir telechat review of draft-ietf-secevent-token-07

Mike Jones <Michael.Jones@microsoft.com> Thu, 05 April 2018 06:30 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Russ Housley <housley@vigilsec.com>, Benjamin Kaduk <kaduk@mit.edu>
CC: "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-secevent-token.all@ietf.org" <draft-ietf-secevent-token.all@ietf.org>, "id-event@ietf.org" <id-event@ietf.org>
Thread-Topic: Secdir telechat review of draft-ietf-secevent-token-07
Thread-Index: AQHTxgx+n9kmL68NKUaCk4qM4oa4eKPlnPEAgAwkVDA=
Date: Thu, 05 Apr 2018 06:30:45 +0000
Message-ID: <MW2PR00MB029871F7E370E341623807A0F5BB0@MW2PR00MB0298.namprd00.prod.outlook.com>
References: <152218349510.5239.9026903316972844190@ietfa.amsl.com> <20180328125852.GC76724@kduck.kaduk.org>
In-Reply-To: <20180328125852.GC76724@kduck.kaduk.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/8LiblKYrrbgn4Gogt99HkUj11vQ>
Subject: Re: [secdir] Secdir telechat review of draft-ietf-secevent-token-07

Hi Russ (and Ben),

Thanks for the useful review, Russ. https://tools.ietf.org/html/draft-ietf-secevent-token-08 is intended to address your review comments.  See the inline responses below.

				-- Mike

-----Original Message-----
From: Benjamin Kaduk <kaduk@mit.edu> 
Sent: Wednesday, March 28, 2018 5:59 AM
To: Russ Housley <housley@vigilsec.com>
Cc: secdir@ietf.org; draft-ietf-secevent-token.all@ietf.org; id-event@ietf.org
Subject: Re: Secdir telechat review of draft-ietf-secevent-token-07

Hi Russ,

On Tue, Mar 27, 2018 at 01:44:55PM -0700, Russ Housley wrote:
> Reviewer: Russ Housley
> Review result: Has Issues
> 
> I reviewed this document as part of the Security Directorate's ongoing 
> effort to review all IETF documents being processed by the IESG.  
> These comments were written primarily for the benefit of the Security 
> Area Directors.  Document authors, document editors, and WG chairs 
> should treat these comments just like any other IETF Last Call comments.
> 
> Document: draft-ietf-secevent-token-07
> Reviewer: Russ Housley
> Review Date: 2018-03-27
> IETF LC End Date: unknown
> IESG Telechat date: 2018-05-10
> 
> Summary: Has Issues
> 
> Process concern
> 
> A request for a telechat review of draft-ietf-secevent-token was 
> assigned to me.  However, there has not yet been an IETF Last Call 
> announced for this document.

Thanks for the review, and for pointing out the process nit.
Getting on a telechat is pretty hard at the moment due to the large spike in documents we saw prior to the IESG cutover.  I should still have time to complete my AD review and issue the IETF LC with time to spare before 2018-05-10, though.

Authors, please feel free to address Russ's comments in a new revision if you can do so before the IETF LC is issued.

Thanks,

Ben

> 
> Major Concerns
> 
> All of the examples in Section 2.1 are non-normative.  Instead of 
> staying that in each of the subsections, please add some text at the 
> top of Section 2.1 that says so.

Done

> I do not understand the first paragraph of Section 3.  I think you are 
> trying to impose some rules on future specifications that use SET to 
> define events.  Please reword.

I reworked the beginning of the paragraph to try to provide more context for the statements that follow.
 
> Minor Concerns
> 
> The Abstract says:
> 
>    ...  This statement of fact
>    represents an event that occurred to the security subject.  In some
>    use cases, the security subject may be a digitial identity, but SETs
>    are also applicable to non-identity use cases.  ...
> 
> Please correct the spelling of digital identity.

Done (but then removed, per the next item)

> I do not think this tells the reader when they might want to employ 
> this specification.  The following sentence from the Introduction does 
> a better job:
> 
>    This specification is scoped to security and identity related events.

I replaced the previous statement in the abstract with a version of the sentence from the introduction that you cited.

> In Section 2, the last bullet on page 5 talks about the "events" JSON 
> object.  The last sentence caught me by surprise, and I had to read it 
> a few times to figure out the intent.  The events object cannot be 
> "{}", but the payload for an event in that object can be "{}".  I 
> think that a MUST statement about there being at least one URI string 
> value would have helped me.

The MUST statement that you asked for is now there (at the end of the previous bullet item, where it makes better sense).

				Thanks again,
				-- Mike
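The "events" rule discussed above (the events object may not be empty, but an individual event's payload may be "{}", and every member name must be a URI string) is the kind of check a SET consumer should run before trusting a token. The following is an added example written for this archive page; it is not code from the thread, from the draft, or from any SET library. The sample claims (issuer, event identifier URIs, payload contents) are constructed, and the validator assumes the claims have already been parsed from a verified JWT into a Python dict.

```python
import json
from urllib.parse import urlsplit

# Constructed sample SET claims set (not from the thread or the draft).
SAMPLE_SET_CLAIMS = json.loads("""{
  "iss": "https://issuer.example.com",
  "iat": 1522806645,
  "jti": "constructed-jti-0001",
  "events": {
    "https://schemas.example.com/event/session-revoked": {},
    "https://schemas.example.com/event/account-disabled": {"reason": "constructed"}
  }
}""")


def is_uri(value):
    """Return True when value is a non-empty string that parses as an absolute URI."""
    if not isinstance(value, str) or not value:
        return False
    return bool(urlsplit(value).scheme)


def validate_events_claim(claims):
    """Return a list of problems found in the 'events' claim (empty list means OK).

    Rules checked, following the review discussion above:
      * 'events' must be present and be a JSON object;
      * that object must contain at least one member;
      * each member name must be a URI string identifying the event;
      * each member value (the event payload) must be a JSON object,
        which is allowed to be empty ({}).
    """
    problems = []
    events = claims.get("events")
    if not isinstance(events, dict):
        problems.append("'events' claim missing or not a JSON object")
        return problems
    if not events:
        problems.append("'events' object MUST contain at least one event identifier")
    for name, payload in events.items():
        if not is_uri(name):
            problems.append(f"event identifier {name!r} is not a URI")
        if not isinstance(payload, dict):
            problems.append(f"payload for {name!r} must be a JSON object (possibly {{}})")
    return problems


if __name__ == "__main__":
    # Demonstrate on the constructed sample and on a deliberately empty events object.
    print("sample:", validate_events_claim(SAMPLE_SET_CLAIMS) or "OK")
    print("empty events:", validate_events_claim({"events": {}}))
```

The validator deliberately accepts an empty payload object for an event while rejecting an empty "events" object, which is exactly the distinction the review asked the draft to state explicitly; a consumer that conflated the two would either drop legitimate payload-less events or accept a token that announces no event at all.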