Re: [secdir] Secdir review: draft-west-webappsec-csp-reg-03.txt

Mike West <mkwst@google.com> Tue, 20 October 2015 09:37 UTC

On Fri, Oct 16, 2015 at 9:04 PM, Robert Sparks <rjsparks@nostrum.com> wrote:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.

Thank you, Robert!

> The BNF for directive-name, as copied into this draft, allows a directive
> name of -, or --, ---, etc.
> Are you expecting an expert to disallow these, or are they ok?
> Is the answer the same for the name 42?

I think we would rely on the expert to determine whether these are
appropriate directive names. I'd suggest that they aren't, but I'm not
sure it's worth constructing a more rigid grammar which would ban
them.

-mike
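
Added example, not part of the original message or of the draft: a short Python check showing that the directive-name grammar discussed above (assumed here to be the CSP rule directive-name = 1*( ALPHA / DIGIT / "-" )) accepts "-", "--" and "42", beside the kind of screening a registry expert could apply on top of it. The function names and flag labels are hypothetical; the draft defines no such checks.

```python
import re

# Assumed grammar: directive-name = 1*( ALPHA / DIGIT / "-" )
DIRECTIVE_NAME = re.compile(r"[A-Za-z0-9-]+")


def is_grammar_valid(name):
    """True if the whole string matches the directive-name production."""
    return DIRECTIVE_NAME.fullmatch(name) is not None


def review_flags(name):
    """Hypothetical expert-review screening for a proposed directive name.

    Returns labels for properties a reviewer may want to question.
    An empty list means nothing was flagged, not that the name is approved.
    """
    if not is_grammar_valid(name):
        return ["not-a-directive-name"]
    flags = []
    if not any(c.isalpha() for c in name):
        if set(name) == {"-"}:
            flags.append("hyphens-only")   # "-", "--", "---"
        elif name.isdigit():
            flags.append("digits-only")    # "42"
        else:
            flags.append("no-letters")     # "4-2"
    if name.startswith("-") or name.endswith("-"):
        flags.append("edge-hyphen")
    if "--" in name:
        flags.append("repeated-hyphen")
    return flags


if __name__ == "__main__":
    # Constructed sample names: the ones raised in the review plus a control.
    for candidate in ["-", "--", "---", "42", "script-src", "script src"]:
        print(repr(candidate), is_grammar_valid(candidate), review_flags(candidate))
```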