Re: [secdir] [Id-event] Secdir telechat review of draft-ietf-secevent-token-07

Phil Hunt <phil.hunt@oracle.com> Wed, 28 March 2018 05:31 UTC


Russ

Thanks for your review. I am away on holiday but hope to find an opportunity to get back to you on your review in the coming days. 

Thanks,

Phil

> On Mar 27, 2018, at 1:44 PM, Russ Housley <housley@vigilsec.com> wrote:
> 
> Reviewer: Russ Housley
> Review result: Has Issues
> 
> I reviewed this document as part of the Security Directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the Security Area
> Directors.  Document authors, document editors, and WG chairs should
> treat these comments just like any other IETF Last Call comments.
> 
> Document: draft-ietf-secevent-token-07
> Reviewer: Russ Housley
> Review Date: 2018-03-27
> IETF LC End Date: unknown
> IESG Telechat date: 2018-05-10
> 
> Summary: Has Issues
> 
> Process concern
> 
> A request for a telechat review of draft-ietf-secevent-token was
> assigned to me.  However, there has not yet been an IETF Last Call
> announced for this document.
> 
> 
> Major Concerns
> 
> All of the examples in Section 2.1 are non-normative.  Instead of
> stating that in each of the subsections, please add some text at the
> top of Section 2.1 that says so.
> 
> I do not understand the first paragraph of Section 3.  I think you are
> trying to impose some rules on future specifications that use SET to
> define events.  Please reword.
> 
> 
> Minor Concerns
> 
> The Abstract says:
> 
>   ...  This statement of fact
>   represents an event that occurred to the security subject.  In some
>   use cases, the security subject may be a digitial identity, but SETs
>   are also applicable to non-identity use cases.  ...
> 
> Please correct the spelling of digital identity.
> 
> I do not think this tells the reader when they might want to employ this
> specification.  The following sentence from the Introduction does a
> better job:
> 
>   This specification is scoped to security and identity related events.
> 
> 
> In Section 2, the last bullet on page 5 talks about the "events" JSON
> object.  The last sentence caught me by surprise, and I had to read it a
> few times to figure out the intent.  The events object cannot be "{}",
> but the payload for an event in that object can be "{}".  I think that
> a MUST statement about there being at least one URI string value would
> have helped me.
> 
> 
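Added example, not code from the draft or from anyone on this thread: a structural check for the constraint the review discusses, that a SET's "events" object must hold at least one event identifier URI while an individual event's payload may be {}. It assumes iss, iat, jti and events are the required SET claims, uses constructed identifiers, and runs after (not instead of) signature verification.

```python
"""Structural check of a Security Event Token (SET) "events" claim.
Added example (not from the draft or this thread). Rule encoded: "events" must
not be {} but an individual event's payload may be {}. The iss/iat/jti list
follows the SET claim definitions; identifiers used in tests are constructed."""
import base64
import json
from urllib.parse import urlsplit


class SETValidationError(ValueError):
    """Raised when a SET fails structural validation."""


def _is_uri(value: object) -> bool:
    # Event identifiers are URIs: a string with a scheme and a body.
    parts = urlsplit(value) if isinstance(value, str) else None
    return parts is not None and bool(parts.scheme) and bool(parts.netloc or parts.path)


def validate_set_claims(claims: object) -> list:
    """Return the event identifier URIs, or raise SETValidationError."""
    if not isinstance(claims, dict):
        raise SETValidationError("SET payload must be a JSON object")
    for name in ("iss", "iat", "jti", "events"):
        if name not in claims:
            raise SETValidationError(f"missing required claim: {name}")
    events = claims["events"]
    if not isinstance(events, dict):
        raise SETValidationError('"events" must be a JSON object')
    if not events:  # the case the review flags: {} is not a valid events object
        raise SETValidationError('"events" MUST contain at least one event URI')
    for uri, payload in events.items():
        if not _is_uri(uri):
            raise SETValidationError(f"event identifier is not a URI: {uri!r}")
        if not isinstance(payload, dict):  # an empty {} payload is allowed
            raise SETValidationError(f"payload for {uri} must be a JSON object")
    return list(events)


def set_payload_is_valid(token: str) -> bool:
    """Decode a compact JWS payload and run the checks (call after signature verification)."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    try:  # base64url has no padding; restore it. Decode/JSON errors are ValueErrors.
        claims = json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))
        validate_set_claims(claims)
    except ValueError:
        return False
    return True
```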