Re: [secdir] SECDIR review of draft-kyzivat-case-sensitive-abnf
Paul Kyzivat <pkyzivat@alum.mit.edu> Sat, 06 September 2014 16:12 UTC
Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39A371A047E for <secdir@ietfa.amsl.com>; Sat, 6 Sep 2014 09:12:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.465
X-Spam-Level: *
X-Spam-Status: No, score=1.465 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id x5im3XsGzpjf for <secdir@ietfa.amsl.com>; Sat, 6 Sep 2014 09:12:34 -0700 (PDT)
Received: from qmta05.westchester.pa.mail.comcast.net (qmta05.westchester.pa.mail.comcast.net [IPv6:2001:558:fe14:43:76:96:62:48]) by ietfa.amsl.com (Postfix) with ESMTP id 2F7ED1A0478 for <secdir@ietf.org>; Sat, 6 Sep 2014 09:12:34 -0700 (PDT)
Received: from omta11.westchester.pa.mail.comcast.net ([76.96.62.36]) by qmta05.westchester.pa.mail.comcast.net with comcast id ns7k1o0020mv7h055sCZcv; Sat, 06 Sep 2014 16:12:33 +0000
Received: from Paul-Kyzivats-MacBook-Pro.local ([50.138.229.151]) by omta11.westchester.pa.mail.comcast.net with comcast id nsCZ1o00G3Ge9ey3XsCZSo; Sat, 06 Sep 2014 16:12:33 +0000
Message-ID: <540B3271.5060502@alum.mit.edu>
Date: Sat, 06 Sep 2014 12:12:33 -0400
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Chris Lonvick <lonvick.ietf@gmail.com>, iesg@ietf.org, secdir@ietf.org, draft-kyzivat-case-sensitive-abnf.all@tools.ietf.org
References: <540A3309.90802@gmail.com>
In-Reply-To: <540A3309.90802@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1410019953; bh=ZOg2+8hwWVbGSdJqzyH56kgcr2ZKNFVEM0d8C8p6qLQ=; h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject: Content-Type; b=W8vonDM6xNyZ7dBpLnZF25q8ds2x6AqJycLprdLPplu97AQSVf9LraRuDHYlPSe2g Bfr+yfImcieajGGV7uUkh9k5kw7OvSIVFWyozV0zIzE9XxBqR8i6vU2SYSns35ehCH G4mu1ycpl+xcQzKh/d4+vx9Y8rjK20S7Qr2r4l6KXxm22oDi1baYYOe1UjVk6DlIGj jYvUJvquwFrWukMFfahiIF/XpOAwggvOuw50nuLSMVutIuS0/lOKD4goB4+OHr766D xZXFVf2dx0l/lA47c8tiPcpt7/llSCGwMX3ScK47/6qt0waMbAWWPd/nmRwroC6Uvd 5hHGmN0qFwA2w==
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/Zwf6vyhVCsjUPLykz-XUsgmDylA
Subject: Re: [secdir] SECDIR review of draft-kyzivat-case-sensitive-abnf
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Sep 2014 16:12:35 -0000
Chris, Thanks for the comments. On 9/5/14 6:02 PM, Chris Lonvick wrote: > Hi, > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the IESG. > These comments were written primarily for the benefit of the security > area directors. Document editors and WG chairs should treat these > comments just like any other last call comments. > > The abstract is: > > This document extends the base definition of ABNF (Augmented Mackus- > Naur Form) to include a way to specify ASCII string literals that are > matched in a case-sensitive manner. > > > Overall, I don't like the statement in the Security Considerations > section, but it is consistent with all other documents related to > defining ABNF, and I can't find any noteworthy security issues anyway. > From that, I have no objection to moving this document forward. As you can see, I just followed precedent since I wasn't doing anything that would alter the security implications in any way. But I am open to suggestions for something better to say. > I did find some nits and have some suggestions for improving readability. > > 1 - "Mackus-Naur" is used in two places rather than "Backus-Naur". Yes. I don't know how that happened. > 2 - The last sentence of section 2.1 is: > > This mechanism has a clear readability > disadvantage, with respect to using a literal text string with a > prefix, and new the prefix mechanism is preferred. > > > Perhaps you meant: > This mechanism of using a literal text string with a prefix has a clear > readability disadvantage. The prefix mechanism described in this > specification can be much more easily read. No. "This mechanism" refers to "the way that has been used in the past" (specify the individual characters numerically). How about: "The new way (using a literal text string with a prefix) has a clear readability advantage over the old way." > 3 - This part of Section 2.1 may be cleared up some: > ---vvv--- > > If no prefix is present then the string is case-insensitive. > > Hence: > > rulename = %i"aBc" > > and: > > rulename = "abc" > > will both match "abc", "Abc", "aBc", "abC", "ABc", "aBC", "AbC", and > "ABC". > > > ---^^^--- > > Suggested: > ---vvv--- > To be consistent with current implementations of ABNF, having no > prefix means that the string is case-insensitive, and is equivalent > to having the "%i" prefix. This seems good, except for the use of "current". That doesn't age well. I suggest replacing "current" with "prior". Thanks, Paul > Hence: > > rulename = %i"aBc" > > and: > > rulename = "abc" > > are equivalent and both will match "abc", "Abc", "aBc", "abC", "ABc", > "aBC", "AbC", and "ABC". > ---^^^--- > > Best regards, > Chris >
- [secdir] SECDIR review of draft-kyzivat-case-sens… Chris Lonvick
- [secdir] SECDIR review of draft-kyzivat-case-sens… Barry Leiba
- Re: [secdir] SECDIR review of draft-kyzivat-case-… Paul Kyzivat
- Re: [secdir] SECDIR review of draft-kyzivat-case-… Chris Lonvick
- Re: [secdir] SECDIR review of draft-kyzivat-case-… Chris Lonvick
- Re: [secdir] SECDIR review of draft-kyzivat-case-… Paul Kyzivat
- Re: [secdir] SECDIR review of draft-kyzivat-case-… Chris Lonvick