[secdir] Secdir telechat review of draft-ietf-secevent-token-07

Russ Housley <housley@vigilsec.com> Tue, 27 March 2018 20:44 UTC

From: Russ Housley <housley@vigilsec.com>
To: secdir@ietf.org
Cc: draft-ietf-secevent-token.all@ietf.org, ietf@ietf.org, id-event@ietf.org
Message-ID: <152218349510.5239.9026903316972844190@ietfa.amsl.com>
Date: Tue, 27 Mar 2018 13:44:55 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/f90RZPvUQppXi50qaKeJ0nBauCI>

Reviewer: Russ Housley
Review result: Has Issues

I reviewed this document as part of the Security Directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the Security Area
Directors.  Document authors, document editors, and WG chairs should
treat these comments just like any other IETF Last Call comments.

Document: draft-ietf-secevent-token-07
Reviewer: Russ Housley
Review Date: 2018-03-27
IETF LC End Date: unknown
IESG Telechat date: 2018-05-10

Summary: Has Issues

Process concern

A request for a telechat review of draft-ietf-secevent-token was
assigned to me.  However, there has not yet been an IETF Last Call
announced for this document.


Major Concerns

All of the examples in Section 2.1 are non-normative.  Instead of
stating that in each of the subsections, please add some text at the
top of Section 2.1 that says so.

I do not understand the first paragraph of Section 3.  I think you are
trying to impose some rules on future specifications that use SET to
define events.  Please reword.


Minor Concerns

The Abstract says:

   ...  This statement of fact
   represents an event that occurred to the security subject.  In some
   use cases, the security subject may be a digitial identity, but SETs
   are also applicable to non-identity use cases.  ...

Please correct the spelling of digital identity.

I do not think this tells the reader when they might want to employ this
specification.  The following sentence from the Introduction does a
better job:

   This specification is scoped to security and identity related events.


In Section 2, the last bullet on page 5 talks about the "events" JSON
object.  The last sentence caught me by surprise, and I had to read it a
few times to figure out the intent.  The events object cannot be "{}",
but the payload for an event in that object can be "{}".  I think that
a MUST statement about there being at least one URI string value would
have helped me.
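The constraint discussed in the last paragraph, as an added example that is not part of the review or of the draft: a small Python check of a SET's "events" claim that rejects an empty events object but accepts an empty payload for an individual event. The URI test (a member name must carry a scheme) is a deliberately minimal assumption, not the draft's definition, and the sample claims are constructed.

```python
import json
from urllib.parse import urlparse


def check_events_claim(set_claims):
    """Return (ok, reason) for the "events" claim of a decoded SET payload.

    Rules applied, following the reviewer's reading of the draft:
      * "events" must be present and must be a JSON object
      * the object must not be empty: at least one member named by a URI
      * each member value (the event payload) must be a JSON object,
        and that payload may itself be empty ("{}")
    """
    events = set_claims.get("events")
    if not isinstance(events, dict):
        return False, '"events" claim missing or not a JSON object'
    if not events:
        return False, '"events" object is empty; at least one event URI is required'
    for name, payload in events.items():
        # Assumed minimal URI check: an absolute URI carries a scheme.
        if not urlparse(name).scheme:
            return False, f"event identifier {name!r} is not a URI"
        if not isinstance(payload, dict):
            return False, f"payload for {name!r} must be a JSON object"
    return True, "ok"


# Constructed sample SET claim sets (not taken from the draft's examples).
VALID_SET = json.loads(
    '{"iss": "https://idp.example.com", "jti": "abc123", "iat": 1522183495,'
    ' "events": {"https://schemas.example.com/event/logout": {}}}'
)
EMPTY_EVENTS = {"iss": "https://idp.example.com", "jti": "x", "iat": 1, "events": {}}
BAD_URI = {"iss": "https://idp.example.com", "jti": "y", "iat": 1, "events": {"logout": {}}}

if __name__ == "__main__":
    for label, claims in (("valid", VALID_SET), ("empty events", EMPTY_EVENTS), ("bad uri", BAD_URI)):
        print(label, check_events_claim(claims))
```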