[stir] Ben Campbell's Yes on draft-ietf-stir-rfc4474bis-15: (with COMMENT)
"Ben Campbell" <ben@nostrum.com> Wed, 02 November 2016 23:38 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: stir@ietf.org
Delivered-To: stir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 53201126FDC; Wed, 2 Nov 2016 16:38:29 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Ben Campbell <ben@nostrum.com>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.37.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147812990930.24070.2354048411520933419.idtracker@ietfa.amsl.com>
Date: Wed, 02 Nov 2016 16:38:29 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/IFDBsfiSzVzwL3QeEf0iy03Gm0w>
Cc: stir@ietf.org, draft-ietf-stir-rfc4474bis@ietf.org, stir-chairs@ietf.org, rjsparks@nostrum.com
Subject: [stir] Ben Campbell's Yes on draft-ietf-stir-rfc4474bis-15: (with COMMENT)
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2016 23:38:29 -0000
Ben Campbell has entered the following ballot position for draft-ietf-stir-rfc4474bis-15: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-stir-rfc4474bis/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks for this work. I'm balloting yes, but have a few minor comments and questions: Substantive: - 6.2, step 4: This says that if the full form of passport is included, and the Date header and iat do not match, use iat if it is fresh. I'm curious why not just use iat in the first place? What should one do if Date is fresh, but iat is not? -6.2.2: This section recommends specific result code reason phrases for a couple of circumstances. I assume the idea is that one should use a "helpful" reason phrase, and these are examples of phrases helpful for the circumstances. But it reads as if you mean to standardize those specific reason phrases. If the intent is really to offer examples, please clarify. I'd hate to see us back in the days of commonly seeing SIP code break due to unexpected reason phrases. - 7.2: The first sentence says verifiers must have a way to acquire and _retain_ certificates. Why must they have a way to retain them? The last paragraph in the section says they might wish to have a way to retain certs, but doesn't seem to require it. -- Is there any concern that the requirement to be able to dereference effectively arbitrary URLs in "info" parameters could become a DOS attack vector? E.g. info parameters that point to HTTP URIs that never respond, respond very slowly, or return huge and/or corrupt certs? -13.1 and 13.2: Is there a reason not to retarget the references in the IANA entries for the Identity header field and for the error codes from 4474 to [RFCThis]? Editorial: - 4.1.1, example: I assume the backslashes indicate line folding for documentation purposes only. It might be worth mentioning that. - 6.1, step 4, last paragraph: Is the reference to section 9 mean that section of _this_ document, or that section of stir-passport? - 7.1, 2nd paragraph: It seems odd to use 2119 MUSTs in examples of policies that authenticator services might have. -8.1, third paragraph: s/exampple/example
- [stir] Ben Campbell's Yes on draft-ietf-stir-rfc4… Ben Campbell
- Re: [stir] Ben Campbell's Yes on draft-ietf-stir-… Alexey Melnikov
- Re: [stir] Ben Campbell's Yes on draft-ietf-stir-… Peterson, Jon
- Re: [stir] Ben Campbell's Yes on draft-ietf-stir-… Ben Campbell
- Re: [stir] Ben Campbell's Yes on draft-ietf-stir-… Alexey Melnikov