Re: [secdir] Secdir telechat review of draft-ietf-secevent-token-07
Benjamin Kaduk <kaduk@mit.edu> Wed, 28 March 2018 12:59 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFC3A126FDC; Wed, 28 Mar 2018 05:59:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zznqm9qUjedd; Wed, 28 Mar 2018 05:59:04 -0700 (PDT)
Received: from dmz-mailsec-scanner-5.mit.edu (dmz-mailsec-scanner-5.mit.edu [18.7.68.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 039411242F7; Wed, 28 Mar 2018 05:59:03 -0700 (PDT)
X-AuditID: 12074422-49dff7000000583f-97-5abb91942575
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-5.mit.edu (Symantec Messaging Gateway) with SMTP id 9C.A6.22591.5919BBA5; Wed, 28 Mar 2018 08:59:02 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w2SCwuxa031086; Wed, 28 Mar 2018 08:58:58 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w2SCwq2v001828 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 28 Mar 2018 08:58:55 -0400
Date: Wed, 28 Mar 2018 07:58:52 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Russ Housley <housley@vigilsec.com>
Cc: secdir@ietf.org, draft-ietf-secevent-token.all@ietf.org, id-event@ietf.org
Message-ID: <20180328125852.GC76724@kduck.kaduk.org>
References: <152218349510.5239.9026903316972844190@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <152218349510.5239.9026903316972844190@ietfa.amsl.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpgleLIzCtJLcpLzFFi42IRYrdT0Z02cXeUwZfvwhZP5ixktXj14ia7 RceCbiaLDwsfsjiweCxZ8pPJY9WdL6wBTFFcNimpOZllqUX6dglcGT+2nmUqWCJa8XhOH0sD 416BLkZODgkBE4mG35NZuhi5OIQEFjNJTDnWwQrhbGSU+Lf9CjuEc5VJYtauJkaQFhYBVYme T/OYQGw2ARWJhu7LzCC2iIC6xN/5F9hBbGYBP4lDX5qBbA4OYQFnieeHLEHCvEDbfh7pBGsV EnCSOHNqMStEXFDi5MwnLBCtWhI3/r1kAmllFpCWWP6PAyTMCTSl/c9ENhBbVEBZYm/fIfYJ jAKzkHTPQtI9C6F7ASPzKkbZlNwq3dzEzJzi1GTd4uTEvLzUIl1TvdzMEr3UlNJNjODAdVHa wTjxn9chRgEORiUe3oKYXVFCrIllxZW5hxglOZiURHkl43ZHCfEl5adUZiQWZ8QXleakFh9i lOBgVhLhfa8BlONNSaysSi3Kh0lJc7AoifN6mGhHCQmkJ5akZqemFqQWwWRlODiUJHgbJgA1 ChalpqdWpGXmlCCkmTg4QYbzAA1vAanhLS5IzC3OTIfIn2LU5bjx4nUbsxBLXn5eqpQ47weQ IgGQoozSPLg5oIQjkb2/5hWjONBbwrwFIFU8wGQFN+kV0BImoCXbmnaALClJREhJNTBqG92R 2XQlxsBbZln2n+NPom92VLWla3x/1DLjb/eqhLtn0oN6th/4uT9fka3nUIbpXnkT3twr6q9m fyy6f5+je3t8/rcfrzWTi1Q2y9xzS71VbJvas3Vzm1Jl2+pLWrZfrzObc1+9tUVvl+0XvVnL N525+XHihYnfuxSZMsM/WGROPldYuUdYiaU4I9FQi7moOBEAH2oTDxMDAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/qbhLBrQCy9hcdAjWGooQdHE3CJU>
Subject: Re: [secdir] Secdir telechat review of draft-ietf-secevent-token-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Mar 2018 12:59:07 -0000
Hi Russ,
On Tue, Mar 27, 2018 at 01:44:55PM -0700, Russ Housley wrote:
> Reviewer: Russ Housley
> Review result: Has Issues
>
> I reviewed this document as part of the Security Directorate's ongoing
> effort to review all IETF documents being processed by the IESG. These
> comments were written primarily for the benefit of the Security Area
> Directors. Document authors, document editors, and WG chairs should
> treat these comments just like any other IETF Last Call comments.
>
> Document: draft-ietf-secevent-token-07
> Reviewer: Russ Housley
> Review Date: 2018-03-27
> IETF LC End Date: unknown
> IESG Telechat date: 2018-05-10
>
> Summary: Has Issues
>
> Process concern
>
> A request for a telechat review of draft-ietf-secevent-token was
> assigned to me. However, there has not yet been an IETF Last Call
> announced for this document.
Thanks for the review, and for pointing out the process nit.
Getting on a telechat is pretty hard at the moment due to the large
spike in documents we saw prior to the IESG cutover. I should still
have time to complete my AD review and issue the IETF LC with time
to spare before 2018-05-10, though.
Authors, please feel free to address Russ's comments in a new
revision if you can do so before the IETF LC is issued.
Thanks,
Ben
>
> Major Concerns
>
> All of the examples in Section 2.1 are non-normative. Instead of
> staying that in each of the subsections, please add some text at the
> top of Section 2.1 that says so.
>
> I do not understand the first paragraph of Section 3. I think you are
> trying to impose some rules on future specifications that use SET to
> define events. Please reword.
>
>
> Minor Concerns
>
> The Abstract says:
>
> ... This statement of fact
> represents an event that occurred to the security subject. In some
> use cases, the security subject may be a digitial identity, but SETs
> are also applicable to non-identity use cases. ...
>
> Please correct the spelling of digital identity.
>
> I do not think this tells the reader when they might want to employ this
> specification. The following sentence from the Introduction does a
> better job:
>
> This specification is scoped to security and identity related events.
>
>
> In Section 2, the last bullet on page 5 talks about the "events" JSON
> object. The last sentence caught me by surprise, and I had to read it a
> few times to figure out the intent. The events object cannot be "{}",
> but the payload for an event in that object can be "{}". I think that
> a MUST statement about there being at least one URI string value would
> have helped me.
>
>
- [secdir] Secdir telechat review of draft-ietf-sec… Russ Housley
- Re: [secdir] [Id-event] Secdir telechat review of… Phil Hunt
- Re: [secdir] Secdir telechat review of draft-ietf… Benjamin Kaduk
- Re: [secdir] Secdir telechat review of draft-ietf… Mike Jones