Re: [secdir] SECDIR review of draft-kyzivat-case-sensitive-abnf
Chris Lonvick <lonvick.ietf@gmail.com> Thu, 11 September 2014 18:02 UTC
Return-Path: <lonvick.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1ADA11A8A53; Thu, 11 Sep 2014 11:02:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1tnlHbCTo2cr; Thu, 11 Sep 2014 11:02:15 -0700 (PDT)
Received: from mail-pd0-x22d.google.com (mail-pd0-x22d.google.com [IPv6:2607:f8b0:400e:c02::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B1611A8A54; Thu, 11 Sep 2014 10:59:56 -0700 (PDT)
Received: by mail-pd0-f173.google.com with SMTP id ft15so11811465pdb.32 for <multiple recipients>; Thu, 11 Sep 2014 10:59:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=wiCedceowg7XAe5FP4i+p2FxTTyJxYNCFFL2OOHPbgc=; b=FGEAiOcu6NGLtHguwNXDxrMwi4xKgMZ0QiwT1EXyaJMoCgvBabqoYWuDjXBG2P1rRd 4GVqmnDGUX/KRFLM1qkEiPkJabXmJC5xrUpavtI4qAqfmm1SRiu00Zuh/vf7sfKRR0GQ FBQXQqSKogg/cBM45fPdWb3NJii4PytXfLWTbmoQkKCYO/SVzwD/NQE1qY/F5zmkt0o5 FtMu1GKnAPz7E/kmcF/6SYUxFy4paCfqC5w4FU14o4oNOrunfv0lY/m8aoe8U0BGohy8 bsZhWbRgwyIKN1iVdv9kvsx3oVrhhELQGpYN1kjcVPNMsYKXIeI3xBFuzvn5lPy4fgQk Gcsw==
X-Received: by 10.68.220.105 with SMTP id pv9mr4099956pbc.8.1410458395688; Thu, 11 Sep 2014 10:59:55 -0700 (PDT)
Received: from [192.168.1.76] (172-3-137-150.lightspeed.sntcca.sbcglobal.net. [172.3.137.150]) by mx.google.com with ESMTPSA id i2sm1798870pat.3.2014.09.11.10.59.53 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 11 Sep 2014 10:59:54 -0700 (PDT)
Message-ID: <5411E318.7020106@gmail.com>
Date: Thu, 11 Sep 2014 10:59:52 -0700
From: Chris Lonvick <lonvick.ietf@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, iesg@ietf.org, secdir@ietf.org, draft-kyzivat-case-sensitive-abnf.all@tools.ietf.org
References: <540A3309.90802@gmail.com> <5410BDA0.7050305@alum.mit.edu>
In-Reply-To: <5410BDA0.7050305@alum.mit.edu>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/dTX3Eh-dKggh8a5Wh-HwEKpzBQk
Subject: Re: [secdir] SECDIR review of draft-kyzivat-case-sensitive-abnf
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Sep 2014 18:02:17 -0000
Hi Paul, It looks good to me. I recommend progressing this forward. Best regards, Chris On 9/10/14, 2:07 PM, Paul Kyzivat wrote: > Chris, > > Based on discussions in this thread I've posted an -02 version that > hopefully addresses all of your comments. > > Thanks, > Paul > > On 9/5/14 6:02 PM, Chris Lonvick wrote: >> Hi, >> >> I have reviewed this document as part of the security directorate's >> ongoing effort to review all IETF documents being processed by the IESG. >> These comments were written primarily for the benefit of the security >> area directors. Document editors and WG chairs should treat these >> comments just like any other last call comments. >> >> The abstract is: >> >> This document extends the base definition of ABNF (Augmented Mackus- >> Naur Form) to include a way to specify ASCII string literals that >> are >> matched in a case-sensitive manner. >> >> >> Overall, I don't like the statement in the Security Considerations >> section, but it is consistent with all other documents related to >> defining ABNF, and I can't find any noteworthy security issues anyway. >> From that, I have no objection to moving this document forward. >> >> I did find some nits and have some suggestions for improving >> readability. >> >> 1 - "Mackus-Naur" is used in two places rather than "Backus-Naur". >> >> 2 - The last sentence of section 2.1 is: >> >> This mechanism has a clear readability >> disadvantage, with respect to using a literal text string with a >> prefix, and new the prefix mechanism is preferred. >> >> >> Perhaps you meant: >> This mechanism of using a literal text string with a prefix has a >> clear >> readability disadvantage. The prefix mechanism described in this >> specification can be much more easily read. >> >> >> 3 - This part of Section 2.1 may be cleared up some: >> ---vvv--- >> >> If no prefix is present then the string is case-insensitive. >> >> Hence: >> >> rulename = %i"aBc" >> >> and: >> >> rulename = "abc" >> >> will both match "abc", "Abc", "aBc", "abC", "ABc", "aBC", "AbC", and >> "ABC". >> >> >> ---^^^--- >> >> Suggested: >> ---vvv--- >> To be consistent with current implementations of ABNF, having no >> prefix means that the string is case-insensitive, and is >> equivalent >> to having the "%i" prefix. >> >> Hence: >> >> rulename = %i"aBc" >> >> and: >> >> rulename = "abc" >> >> are equivalent and both will match "abc", "Abc", "aBc", "abC", >> "ABc", >> "aBC", "AbC", and "ABC". >> ---^^^--- >> >> Best regards, >> Chris >> >
- [secdir] SECDIR review of draft-kyzivat-case-sens… Chris Lonvick
- [secdir] SECDIR review of draft-kyzivat-case-sens… Barry Leiba
- Re: [secdir] SECDIR review of draft-kyzivat-case-… Paul Kyzivat
- Re: [secdir] SECDIR review of draft-kyzivat-case-… Chris Lonvick
- Re: [secdir] SECDIR review of draft-kyzivat-case-… Chris Lonvick
- Re: [secdir] SECDIR review of draft-kyzivat-case-… Paul Kyzivat
- Re: [secdir] SECDIR review of draft-kyzivat-case-… Chris Lonvick