Re: [secdir] SECDIR review of draft-kyzivat-case-sensitive-abnf
Chris Lonvick <lonvick.ietf@gmail.com> Sat, 06 September 2014 17:38 UTC
Return-Path: <lonvick.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8E1E1A06FC; Sat, 6 Sep 2014 10:38:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.3
X-Spam-Level: *
X-Spam-Status: No, score=1.3 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, J_CHICKENPOX_41=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7pt2kzG5N_UV; Sat, 6 Sep 2014 10:38:17 -0700 (PDT)
Received: from mail-pa0-x22e.google.com (mail-pa0-x22e.google.com [IPv6:2607:f8b0:400e:c03::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5FB31A0705; Sat, 6 Sep 2014 10:38:17 -0700 (PDT)
Received: by mail-pa0-f46.google.com with SMTP id eu11so24396028pac.19 for <multiple recipients>; Sat, 06 Sep 2014 10:38:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=TcRykyYTqZRn5V0NgJLpUrBZi2voEnummdF3y6KT1MQ=; b=qvHFUOeAALHFZPXshMl0BSk9O6Ri0ENB6AMUiJ+eO5YpUoirkUyrfyCiOff8I0kq+j nwbcF5vOWhkXpn39xpHp8sTI0FFPo8L9eoBSXWRUiomrlaP8eP8KXlhn6shJpQRf9pZS LktSlv0GES0cNVswQW51TpT7h0+FjF3iIoKzhqdNrLvNRD0zazBrE6TfTHSJ/1omRZLm FajQmuR/Yfj6IWn30uFHZa2SbrVAuw9KPy393TkoJ6UibVgWjX3eevWKuxduVkzWsELV T8Oc7KNc8BTutnl6Kh4vzThk9Z2xA+tscOCkiCxmpo0gAAvJbal4RN4KtYd1Zh8CRwC7 GuDg==
X-Received: by 10.66.65.130 with SMTP id x2mr31858790pas.79.1410025097481; Sat, 06 Sep 2014 10:38:17 -0700 (PDT)
Received: from [192.168.1.76] (172-3-137-150.lightspeed.sntcca.sbcglobal.net. [172.3.137.150]) by mx.google.com with ESMTPSA id gf5sm4775346pbc.89.2014.09.06.10.38.15 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 06 Sep 2014 10:38:16 -0700 (PDT)
Message-ID: <540B4686.2060305@gmail.com>
Date: Sat, 06 Sep 2014 10:38:14 -0700
From: Chris Lonvick <lonvick.ietf@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, iesg@ietf.org, secdir@ietf.org, draft-kyzivat-case-sensitive-abnf.all@tools.ietf.org
References: <540A3309.90802@gmail.com> <540B3271.5060502@alum.mit.edu>
In-Reply-To: <540B3271.5060502@alum.mit.edu>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/yXG6An1X0OrdiuuZ0CrsBf5OjlI
Subject: Re: [secdir] SECDIR review of draft-kyzivat-case-sensitive-abnf
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Sep 2014 17:38:19 -0000
Hi Paul, On 9/6/14, 9:12 AM, Paul Kyzivat wrote: > Chris, > > Thanks for the comments. > > On 9/5/14 6:02 PM, Chris Lonvick wrote: >> Hi, >> >> I have reviewed this document as part of the security directorate's >> ongoing effort to review all IETF documents being processed by the IESG. >> These comments were written primarily for the benefit of the security >> area directors. Document editors and WG chairs should treat these >> comments just like any other last call comments. >> >> The abstract is: >> >> This document extends the base definition of ABNF (Augmented Mackus- >> Naur Form) to include a way to specify ASCII string literals that >> are >> matched in a case-sensitive manner. >> >> >> Overall, I don't like the statement in the Security Considerations >> section, but it is consistent with all other documents related to >> defining ABNF, and I can't find any noteworthy security issues anyway. >> From that, I have no objection to moving this document forward. > > As you can see, I just followed precedent since I wasn't doing > anything that would alter the security implications in any way. > > But I am open to suggestions for something better to say. Nah, I like the consistency. The only concern (very minor) that I have is about how older ABNF interpreters would react to seeing these new literals. I don't think that they're mission critical in any way and the one that I tried (BAP) just gave me an error. > >> I did find some nits and have some suggestions for improving >> readability. >> >> 1 - "Mackus-Naur" is used in two places rather than "Backus-Naur". > > Yes. I don't know how that happened. Kind'a funny - you're not the first to make that error. http://publib.boulder.ibm.com/infocenter/wtelecom/v6r2m0/index.jsp?topic=/com.ibm.diameter.rf.doc/rf_rawinterface_r.html > >> 2 - The last sentence of section 2.1 is: >> >> This mechanism has a clear readability >> disadvantage, with respect to using a literal text string with a >> prefix, and new the prefix mechanism is preferred. >> >> >> Perhaps you meant: >> This mechanism of using a literal text string with a prefix has a >> clear >> readability disadvantage. The prefix mechanism described in this >> specification can be much more easily read. > > No. "This mechanism" refers to "the way that has been used in the > past" (specify the individual characters numerically). How about: > > "The new way (using a literal text string with a prefix) has a clear > readability advantage over the old way." Works for me. See the response I sent to Barry. > >> 3 - This part of Section 2.1 may be cleared up some: >> ---vvv--- >> >> If no prefix is present then the string is case-insensitive. >> >> Hence: >> >> rulename = %i"aBc" >> >> and: >> >> rulename = "abc" >> >> will both match "abc", "Abc", "aBc", "abC", "ABc", "aBC", "AbC", and >> "ABC". >> >> >> ---^^^--- >> >> Suggested: >> ---vvv--- >> To be consistent with current implementations of ABNF, having no >> prefix means that the string is case-insensitive, and is >> equivalent >> to having the "%i" prefix. > > This seems good, except for the use of "current". That doesn't age > well. I suggest replacing "current" with "prior". > Works for me as well. Best regards, Chris > Thanks, > Paul > >> Hence: >> >> rulename = %i"aBc" >> >> and: >> >> rulename = "abc" >> >> are equivalent and both will match "abc", "Abc", "aBc", "abC", >> "ABc", >> "aBC", "AbC", and "ABC". >> ---^^^--- >> >> Best regards, >> Chris >> >
- [secdir] SECDIR review of draft-kyzivat-case-sens… Chris Lonvick
- [secdir] SECDIR review of draft-kyzivat-case-sens… Barry Leiba
- Re: [secdir] SECDIR review of draft-kyzivat-case-… Paul Kyzivat
- Re: [secdir] SECDIR review of draft-kyzivat-case-… Chris Lonvick
- Re: [secdir] SECDIR review of draft-kyzivat-case-… Chris Lonvick
- Re: [secdir] SECDIR review of draft-kyzivat-case-… Paul Kyzivat
- Re: [secdir] SECDIR review of draft-kyzivat-case-… Chris Lonvick