Re: [stir] Nits in draft-ietf-stir-passport-08

Alan Ford <alan.ford@gmail.com> Tue, 11 October 2016 11:08 UTC

Return-Path: <alan.ford@gmail.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F1CD1294A4 for <stir@ietfa.amsl.com>; Tue, 11 Oct 2016 04:08:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6oLo_VHYp6si for <stir@ietfa.amsl.com>; Tue, 11 Oct 2016 04:08:04 -0700 (PDT)
Received: from mail-lf0-x231.google.com (mail-lf0-x231.google.com [IPv6:2a00:1450:4010:c07::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2CA6127058 for <stir@ietf.org>; Tue, 11 Oct 2016 04:08:03 -0700 (PDT)
Received: by mail-lf0-x231.google.com with SMTP id l131so3397441lfl.2 for <stir@ietf.org>; Tue, 11 Oct 2016 04:08:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:message-id:mime-version:subject:date:references:to:in-reply-to; bh=lESU3a6wl9pPoNc6Cemza1UXT0MDFp1lRTnLBKFZvgo=; b=hmw3n+DqggBXxVVaAYoCk3k6NjolirlM3UEtnOuE6PMKdbV5BHaPzV6T0yanO/G9ME pr7m7P2xDFp9+JbLXM9AZHsBZikHu6rZNPznDzNawFqyiq3vYjX9A9cSH5zWKEaAKaat qio5JtqxoyB7S+bAAYAvdXlaO87/MeEjLxxaBLRCKUCS25oaBKM+9XGmZ9I3ZHKTvvLr 8kKiv+QCoAPnXiaqgc8BZc9X7TzGTL6ZjQzOBsS+oO5ouVlt0gdCweLxcPgidTOdFWS+ BDk4LT3zZTYXEA6GMFd7rbyWetv3SC9saZdNTSscgbGBhbgPRtjhSRbbu5m4oI34NJvz gYkg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:message-id:mime-version:subject:date :references:to:in-reply-to; bh=lESU3a6wl9pPoNc6Cemza1UXT0MDFp1lRTnLBKFZvgo=; b=WtmZjOLQ6sF2qaIVwHnPwr6HbPdvUkU2GZqM6SYKCsn0PVxf8l8RUg83cbGl4bRzg1 YhEuxGGkLOlFB2NUd7fmkdEpfyRdmgWKlKa6lbDfdno9q5UTfq8RfyNBSHLrek53rkPN qoX4igiLPzIWMGAaarsJkurpRaeiv1hihezuXUrK217fSBm+l6elIJ6QN6YTuMSbwqiw 3Ox6e3h2nzLSvFGeNlihsKDWCvJBj7Qg47nxJSpAJmNg0XG8H7rBSU8t9LMO8D77CkOY WtblF2f22HcqyvPxADcv1zTllyo0obsMVEw4djUzXIU7NY7qz0Hpi1c4tdxnmDCRG7yh lKCQ==
X-Gm-Message-State: AA6/9Rk+VQOYRwRAB1Yq0215a15+LuHmjhuDgAf5yE1/geX3xCFCXJOa328AFHYn6k5vYw==
X-Received: by 10.194.178.200 with SMTP id da8mr4294817wjc.157.1476184079983; Tue, 11 Oct 2016 04:07:59 -0700 (PDT)
Received: from alans-mbp.lan ([37.152.254.14]) by smtp.gmail.com with ESMTPSA id za1sm1426589wjb.8.2016.10.11.04.07.58 for <stir@ietf.org> (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 11 Oct 2016 04:07:59 -0700 (PDT)
From: Alan Ford <alan.ford@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_0BDCC820-069A-4F3F-A4B3-04CE953ACC3D"
Message-Id: <D190150F-645A-4E6D-BFAD-8CEAEA20A708@gmail.com>
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Date: Tue, 11 Oct 2016 12:09:25 +0100
References: <CACG=0wRwRvYm8aBjwZMWtULvHmnhJXkJc8SeV5b=2pi0FpdYYg@mail.gmail.com>
To: stir@ietf.org
In-Reply-To: <CACG=0wRwRvYm8aBjwZMWtULvHmnhJXkJc8SeV5b=2pi0FpdYYg@mail.gmail.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/TmLjazKezjGPVVihD2yRbmguVr0>
Subject: Re: [stir] Nits in draft-ietf-stir-passport-08
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2016 11:08:07 -0000

Agree on the 4.2.1 feedback, and indeed there's some small rewording which could be done in Section 4.2.1 to make this easier to understand (IMHO anyway):

   The "dest" JSON object MUST have at least have one key value pair,
   but could have multiple identity types (i.e. "tn" and/or "uri") but
   only one of each.  If both "tn" and "uri" are included, the JSON
   object should list the "tn" array first and the "uri" array second.
   Within the "tn" and "uri" arrays, the identity strings should be put
   in lexicographical order including the scheme-specific portion of the
   URI characters.  Additionally, in the case of "dest" only, the
   identity type key value MUST be an array signaled by standard JSON
   brackets, even when there is a single identity value in the identity
   type key value.

The requirement to be an array should be introduced earlier, since it’s mentioned in passing half way through and only confirmed at the end. Instead I’d propose putting a second sentence in, something like this, and then losing the last sentence:

   The "dest" JSON object MUST have at least have one key value pair,
   but could have multiple identity types (i.e. "tn" and/or "uri") but
   only one of each.  Each value in the key value pair is an array, 
   containing one or more identity strings of this identity type. If both "tn"
   and "uri" are included, the JSON object should list the "tn" array first 
   and the "uri" array second. Within the "tn" and "uri" arrays, the 
   identity strings should be put in lexicographical order, including the 
   scheme-specific portion of the URI characters.  

Other than this, I have re-read this document again and it reads well and I believe it to be ready for publication.

Regards,
Alan

> On 3 Oct 2016, at 00:25, Anders Kristensen <andersk@google.com> wrote:
> 
> 
> * 4.2.1: s/only have one/have exactly one/ ?
> 
> The "orig" JSON object MUST only have one key value pair
> 
> * 4.2.1.4: Why is "Single Originator", "Single Destination" etc. capitalized?
> 
> * 5: "above" is actually below (also in Section 8).
> 
>    For the JWS Payload and the JWS Protected Header,
>    the lexicographic ordering and white space rules described above, and
>    JSON serialization rules in Section 8 of this document MUST be
>    followed.
> 
> * 8.1: Delete leading whitespace:
> 
>    {"dest":{"uri":["sip:alice@example.com"],"iat":1443208345,"mky":
>      [{"alg":"sha-256","dig":"021ACC5427ABEB9C533F3E4B652E7D463F5442CD5
>      4F17A03A27DF9B07F4619B2"},{"alg":"sha-256","dig":"4AADB9B13F82183B5
>      40212DF3E5D496B19E57CAB3E4B652E7D463F5442CD54F1"}],
>      "orig":{"tn":"12155551212"}}
> 
> * 9.1: s/the the/the/
> 
> * 9.2: Looks like this paragraph was meant to be rendered as a bulleted list.
> 
> * 9.2: s/the end user the asserted identity represents/the end user represented by the asserted identity/
> 
> * 12.1: I think technically speaking this doc does not depend on 4474bis so could make that ref informational.
> 
> * App A: Remove leading whitespace:
> 
>    {"alg":"ES256","typ":"passport","x5u":"https://cert.example.org
>        /passport.cer"}
> _______________________________________________
> stir mailing list
> stir@ietf.org
> https://www.ietf.org/mailman/listinfo/stir
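The Section 4.2.1 rules discussed in this thread (the "dest" value is always an array, "tn" is listed before "uri", identity strings within each array are in lexicographic order) and the compact serialization shown in the Section 8.1 example are easy to get wrong in an implementation, and a verifier that recomputes the signed payload from SIP header fields will fail signature checks if any of them is violated. The following is an added illustration, not code from the draft or from either poster: a constructor that emits a well-formed "dest" object, a checker that reports each rule violation, and a compact key-sorted serializer. It assumes the only identity types are "tn" and "uri", that "lexicographic order" means byte-wise (code point) string comparison, and that Python's insertion-ordered dicts are used to represent JSON key order.

```python
import json

# Added example (not from the draft or the mailing list). Assumption: the
# identity types are exactly "tn" and "uri", and "tn" is listed before "uri".
IDENTITY_TYPES = ("tn", "uri")


class DestClaimError(ValueError):
    """Raised when a "dest" object cannot be built."""


def build_dest(tns=(), uris=()):
    """Build a "dest" object: "tn" array first, then "uri", each array sorted
    lexicographically. Duplicates are dropped and empty types are omitted, so a
    single identity still ends up inside a one-element array."""
    dest = {}
    for key, values in (("tn", tns), ("uri", uris)):
        if values:
            # sorted() on str compares code points, i.e. lexicographic order
            dest[key] = sorted(set(values))
    if not dest:
        raise DestClaimError('"dest" needs at least one identity')
    return dest


def check_dest(dest):
    """Return a list of rule violations; an empty list means the object is
    well-formed. Checks: non-empty object, only "tn"/"uri" keys, "tn" before
    "uri", every value a non-empty array of strings in lexicographic order."""
    problems = []
    if not isinstance(dest, dict) or not dest:
        return ['"dest" MUST be a JSON object with at least one key value pair']
    keys = list(dest.keys())
    unknown = [k for k in keys if k not in IDENTITY_TYPES]
    if unknown:
        problems.append("unknown identity type(s): %s" % ", ".join(unknown))
    known = [k for k in keys if k in IDENTITY_TYPES]
    if known != sorted(known, key=IDENTITY_TYPES.index):
        problems.append('"tn" array MUST precede "uri" array')
    for key in known:
        value = dest[key]
        # In "dest" the value is always an array, even for a single identity
        if not isinstance(value, list) or not value:
            problems.append('"%s" MUST be a non-empty JSON array' % key)
            continue
        if not all(isinstance(v, str) for v in value):
            problems.append('"%s" array MUST contain only strings' % key)
            continue
        if value != sorted(value):
            problems.append('"%s" array is not in lexicographic order' % key)
    return problems


def serialize_payload(payload):
    """Compact JSON with keys in lexicographic order and no whitespace, the
    form the Section 8.1 example shows for the signed payload."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":"))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment
    dest = build_dest(tns=["12155551212"],
                      uris=["sip:bob@example.com", "sip:alice@example.com"])
    print(check_dest(dest))   # [] : well-formed
    print(check_dest({"uri": ["sip:a@example.com"], "tn": ["1"]}))
    print(serialize_payload({"orig": {"tn": "12155551212"}, "dest": dest,
                             "iat": 1443208345}))
```

Note that `check_dest` deliberately does not repair the object: a verifier should reject a PASSporT whose "dest" violates the ordering rules rather than reorder it, because reordering changes the bytes that were signed.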