Re: [secdir] review of draft-ietf-kitten-gssapi-naming-exts
Leif Johansson <leifj@sunet.se> Tue, 20 July 2010 19:14 UTC
To: Dan Harkins <dharkins@lounge.org>
Cc: draft-ietf-kitten-gssapi-naming-exts.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org

On 07/20/2010 07:09 PM, Dan Harkins wrote:
>
> Hello,
>
> I have reviewed draft-ietf-kitten-gssapi-naming-exts as part of the
> security directorate's ongoing effort to review all IETF documents being
> processed by the IESG. These comments were written primarily for the
> benefit of the security area directors. Document editors and WG chairs
> should treat these comments just like any other last call comments.
>
> This draft extends the GSS-API naming model to include support for
> "name attributes". This support can be used by an application to make
> authorization decisions. I found no problems in the draft that the
> ADs should take special note of.
>
> The draft is well-written and introduces and uses terminology well,
> with one nit. It introduces terms with certain marking and then uses
> them either without the marking (which is fine) or with some other
> marking. For instance, "An attribute is 'authenticated' iff...." and
> then the concept of an authenticated attribute is used without the
> single quote. But sometimes attributes "MUST be represented as
> *authenticated* GSS-API name attributes named using the _same_ OID
> mapped to a URN." OK, so what's the significance of the asterisks now?
> And the underscore? I found no value in these marks and suggest removing
> them. If the authors intend for the marks to convey some meaning then
> perhaps a Notations section is in order.
>
> One last nit: Section 6.2.1 refers to "(see comment above)" which should
> be "(see Section 5)".
>
> regards,
>
> Dan.

Thanks for the review Dan! Your comments are very valuable and I
intend to update the document accordingly.

Cheers Leif