Re: [secdir] sec-dir review of draft-pechanec-pkcs11uri-16
Derek Atkins <derek@ihtfp.com> Mon, 05 January 2015 14:49 UTC
From: Derek Atkins <derek@ihtfp.com>
To: Jan Pechanec <jan.pechanec@oracle.com>
Date: Mon, 05 Jan 2015 09:49:37 -0500
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/ZQPgF0QmuOYvOG3vzdCRyu-IOfI
Cc: Darren.Moffat@oracle.com, secdir@ietf.org, iesg@ietf.org
Subject: Re: [secdir] sec-dir review of draft-pechanec-pkcs11uri-16

Thanks. Your changes look good to me.

Happy New Year.

-derek

Jan Pechanec <jan.pechanec@oracle.com> writes:

> On Fri, 26 Dec 2014, Derek Atkins wrote:
>
>>Hi,
>>
>>I have reviewed this document as part of the security directorate's
>>ongoing effort to review all IETF documents being processed by the
>>IESG. These comments were written with the intent of improving
>>security requirements and considerations in IETF drafts. Comments
>>not addressed in last call may be included in AD reviews during the
>>IESG review. Document editors and WG chairs should treat these
>>comments just like any other last call comments.
>>
>>I believe this document has no issues.
>
> dear Derek, thank you for your time to review the document.
> My comments are inline below.
>
>>Editorial comments:
>>
>>In section 1:
>>
>>   A subset of existing PKCS#11 structure members and object attributes
>>   was chosen believed to be sufficient in uniquely identifying a
>>   PKCS#11 token, storage object, or library in a configuration file, on
>>   ...
>>
>>This sentence is not just long but also awkward. The phrase "was
>
> I agree. I've simplified that in the following way:
>
>    A subset of existing PKCS#11 structure members and object attributes
>    was chosen to uniquely identify a PKCS#11 storage object, token,
>    slot, or library in a configuration file, on a command line, or in a
>    configuration property of something else. Should there be a need for
>    a more complex information exchange on PKCS#11 entities a different
>    means of data marshalling should be chosen accordingly.
>
>>chosen believed to be.." seems to be missing a conjunction and
>>possibly a verb. Maybe this was meant to be two sentences that got
>>smushed together?
>>
>>
>>In section 3.3:
>>
>>   PKCS#11 specification imposes various limitations on the value of
>>   attributes, be it a more restrictive character set for the "serial"
>>   ...
>>
>>I think you need to start this sentence with an article, i.e. "The
>>PKCS#11 specification imposes..."
>
> I've fixed that, thank you.
>
>>(I'll note that I did not validate the ABNF).
>
> there was a bug there and the grammar in the latest working
> version of a new draft 17 was verified by:
>
> http://tools.ietf.org/tools/bap/abnf.cgi
>
> I've also attached the latest working version of draft 17.
>
> best regards, Jan.

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available