Re: [stir] [Acme] Authority Token WGLC

Chris Wendt <chris-ietf@chriswendt.net> Fri, 16 September 2022 21:20 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/ISc7wGrpvsU7kQ_9Fme0WXl8kA8>

Hi Sean,

Thanks, I have incorporated the text changes you suggested into a new release of the tnauthlist document that incorporates Richard’s suggestions as well.

-Chris

> On Sep 6, 2022, at 10:40 PM, Sean Turner <sean@sn3rd.com> wrote:
> 
> Hi! 
> 
> I had a read of these two I-Ds. Comments follow:
> 
> # -authority-token
> 
> tl;dr: editorial and nits
> 
> 0) s8: I-D Nits complains about "Authority Tokens SHOULD not". So s/SHOULD not/SHOULD NOT
> 
> 1) s9.1: I-D Nits complains about dancing references to RFCs 3986 and 4648. I guess you could work them in, but if not then just drop them.
> 
> 2) s3: Expand CAs on first use: s/CAs/Certification Authorities (CAs)
> 
> 3) s3.1: Consider adding a reference to 8126, where Specification Required is defined:
> 
> s/The IANA will maintain a registry of tkauth-types under a policy of Specification Required./The IANA will maintain a registry of tkauth-types under a policy of Specification Required [RFC8126].
> 
> 4) s3.1: Wording tweak - requirements just kind of hangs there:
> 
> s/In order to register a new tkauth-type, specifications must address the following requirements; in cases where a tkauth-type admits of its own subtypes, subtypes inherit these requirements./s/In order to register a new tkauth-type, specifications must address the requirements in this section; in cases where a tkauth-type admits of its own subtypes, subtypes inherit these requirements.
> 
> 5) s3.1: 2119 it:
> 
> s/Therefore, in defining tkauth-types, future specifications must indicate/Therefore, in defining tkauth-types, future specifications MUST indicate
> 
> 6) s8: 2119 it:
> 
> s/ … HTTPS REST client and the Token Authority must also exist …
> /… HTTPS REST client and the Token Authority MUST also exist …
> 
> s/Implementations should follow the best practices identified in [RFC8725].
> /Implementations SHOULD follow the best practices identified in [RFC8725].
> 
> 7) s8: dangling )
> 
> s/Section 4)./Section 4.
> 
> 8) s8: algorithms for keys:
> 
> s/permit other keys/permit other algorithms
> s/define new keys/define new algorithms
> 
> 
> # -authority-token-tnauthlist
> 
> (note I also did the ARTART review)
> 
> tl;dr: looks like -09 fixed my ARTART review comments and now I have but one new nit:
> 
> 1) algorithms for keys:
> 
> s/permit other keys/permit other algorithms
> s/define new keys/define new algorithms
> 
> Cheers,
> spt
> 
>> On Aug 23, 2022, at 15:58, Deb Cooley <debcooley1@gmail.com> wrote:
>> 
>> As we agreed at the acme session at IETF 114, this is a limited WGLC for both:
>> 
>> https://datatracker.ietf.org/doc/draft-ietf-acme-authority-token/
>> https://datatracker.ietf.org/doc/draft-ietf-acme-authority-token-tnauthlist/
>> 
>> I've added stir to the to line for good measure (and to broaden the pool of reviewers a bit). We need to see if we can push these forward again.  
>> 
>> The review deadline is 6 Sep 2022.  
>> 
>> Deb Cooley
>> acme co-chair