IETF Logo Mail Archive

Re: [stir] Review of: draft-ietf-stir-rfc4474bis-10

"Peterson, Jon" <jon.peterson@neustar.biz> Tue, 09 August 2016 21:21 UTC

Return-Path: <prvs=1029e947ce=jon.peterson@neustar.biz>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A3F212D89E for <stir@ietfa.amsl.com>; Tue, 9 Aug 2016 14:21:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.701
X-Spam-Level:
X-Spam-Status: No, score=-102.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=neustar.biz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CfHUE8DNjMJs for <stir@ietfa.amsl.com>; Tue, 9 Aug 2016 14:21:10 -0700 (PDT)
Received: from mx0b-0018ba01.pphosted.com (mx0b-0018ba01.pphosted.com [67.231.157.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEF5412D137 for <stir@ietf.org>; Tue, 9 Aug 2016 14:21:10 -0700 (PDT)
Received: from pps.filterd (m0078668.ppops.net [127.0.0.1]) by mx0b-0018ba01.pphosted.com (8.16.0.17/8.16.0.17) with SMTP id u79LDUoH010598; Tue, 9 Aug 2016 17:21:07 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=neustar.biz; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=neustar.biz; bh=6Q/zeuSfTn/y1tUU3iPZ/yAmOCBmH4cDEUo1eJtBl1E=; b=DNVfDpcVZA5pjpiZw67GE5r/uw3oNpvDQ1K2CuGSqywYjO+9vLQPpg/b+V0owqIGC//d H4kzcnjjNVqvJNJ2ba+S0uuuyoJzO+m3qRNuGTAptrmes74kTVoBSThvifPL42MOV6+P DDyny/5pUPzNUTwoI6sueZ7+hH+5xovKucKXa758T0vmY0eJtwt8mqYpTvxG+qw1f5aZ soRIKL+GZwFvGPVKcQHmy9+nj0Jcg5ekgYe7X8LkdbqkxN0LhgdFa50/a3wdOEhD1qlT sfwSQDytfNzMrhX5xcB0xAjES7JjyUFimT37UEHmmelNTOWuIxD3MuSE6gYdy1zoCaCZ Ag==
Received: from stntexhc11.cis.neustar.com ([156.154.17.216]) by mx0b-0018ba01.pphosted.com with ESMTP id 24qm95gh7w-1 (version=TLSv1 cipher=AES128-SHA bits=128 verify=NOT); Tue, 09 Aug 2016 17:21:07 -0400
Received: from STNTEXMB10.cis.neustar.com ([169.254.5.94]) by stntexhc11.cis.neustar.com ([::1]) with mapi id 14.03.0279.002; Tue, 9 Aug 2016 17:21:06 -0400
From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: "dcrocker@bbiw.net" <dcrocker@bbiw.net>, "stir@ietf.org" <stir@ietf.org>
Thread-Topic: [stir] Review of: draft-ietf-stir-rfc4474bis-10
Thread-Index: AQHR8fCmKQLsUYw9dka3+jdXHWkJhKBAhpWA///ttYCAAHrsAP//lqEAgADBT4D//6qHAA==
Date: Tue, 09 Aug 2016 21:21:06 +0000
Message-ID: <D3CF80E4.1A7013%jon.peterson@neustar.biz>
References: <c3a85ffc-8340-ac54-4d8e-21a16fefd032@dcrocker.net> <4B1956260CD29F4A9622F00322FE053101285D016E32@BOBO1A.bobotek.net> <D3CF2934.1A6EE6%jon.peterson@neustar.biz> <1dbc154e-1ffc-689a-6f4f-45321e1149f6@dcrocker.net> <D3CF35CD.1A6F89%jon.peterson@neustar.biz> <6ddb77b3-2b14-e4a7-ed09-cc5c2f5bcde7@dcrocker.net>
In-Reply-To: <6ddb77b3-2b14-e4a7-ed09-cc5c2f5bcde7@dcrocker.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.3.160329
x-originating-ip: [10.96.12.28]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <0A47AD7EA7381C488B17C61BC5423E12@neustar.biz>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-08-09_09:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000 definitions=main-1608090219
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/pJ8OjTAcuTrThb4HHlAAdu7GxMk>
Subject: Re: [stir] Review of: draft-ietf-stir-rfc4474bis-10
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2016 21:21:12 -0000

While I hear your ask, I'm not sure I think giving individual answers to
the 70+ questions in your review are warranted. I'll be looking to the
chairs and the rest of the working group for guidance on this issue though
- if the prevailing sentiment is that I should answer them all, then I
will. 

In some cases, you pose questions related to a single incidental word
choice. "difference -> different?" is a question that doesn't require the
consideration of the entire working group. In a stir-passport passage
referring to "two new custom headers corresponding to the two parties" you
pose five questions: "corresponding? referring? describing? identifying?
addressing?" I think your point here isn't a question - or five questions
- at all, you're just unhappy with the use of the term "corresponding." As
it happens, I don't feel the usage of "corresponding" in this sentence is
a problem, but this is merely an editorial matter that I think can be
resolved without working group discussion.


Others of your questions are simply forms of mild emphasis that have been
disguised as questions for rhetorical effect. When we give an example of a
JWT header, for example, your review comment is "How is reader to know
what that long string means? Is the doc only for the cognoscenti? if so,
which cognoscenti?" I'm not sure the question of identifying the
cognoscenti for which this document was putatively written is something
that requires the attention of the working group. The first question, how
the reader is supposed to know what that long string means, is answered in
the next three sections of the document - one limitation of doing
line-by-line reviews like this in real time is that they tend to pose
questions that are answered in the document immediately afterward.

A lot of your questions are one-word "why?" questions which are surely
rhetorical.

Also, for those questions that do have some technical meat, we may have
already touched on them here on the list. Early on in the review, for
example, in response to the line in stir-passport reading "Tokens are a
convenient way of encapsulating information with," you interrupt, "Why?
What are the alternatives? Why is this the starting point?" You are making
rhetorical points here, that in your opinion using tokens for this purpose
has not been sufficiently motivated. We've talked about that quite a bit
on the list following your review about why we chose to use a token.


As such, I feel like answering many of these question would just be
busywork that will not in fact lead to any new list discussions or working
group insights or changes to what will get sent over the wire. I don't
think I have any obligation in our consensus process to vet issues that I
don't think warrant the attention of the working group - though again, if
the chairs and/or the group on the whole feel differently about these
issues, I will go with the group on this.

Jon Peterson
Neustar, Inc.

On 8/9/16, 12:26 PM, "Dave Crocker" <dhc@dcrocker.net> wrote:

>On 8/9/2016 7:55 AM, Peterson, Jon wrote:
>> I don't know how to start a working group discussion about "many and
>> serious problems." Like I said, my first response to your stir-passport
>> review covered what I considered to be its most significant issues,
>>which
>> were largely about the fundamental architecture and the document
>> organization (that is, the modularity with other specifications).
>>
>> I just read the whole thing again. The remainder of your comments are
>> overwhelmingly stylistic, editorial or philosophical.
>
>
>Jon,
>
>Let's start with a rather simple exercise.
>
>My review of passport has more than 70 questions in it.  (I stopped
>counting after that, and I haven't counted the number in -4474bis,
>though it too is substantial.)  While indeed, some of those pertain only
>to stylistic points many/most do not.
>
>So the simple exercise is to ask you to please respond publicly to the
>questions I ask in my reviews.
>
>And yes, it's fine to skip the obviously minor stuff.  If I think you
>missed something important, there's a reasonable chance I'll note it...
>
>If you find yourself wanting more of a challenge, look for the various
>places that I note that something claiming to be (or to refer to) a
>specification does not actually supply specification detail or that the
>specification is wrong (eg, doesn't work) and then respond publicly to
>the substance.
>
>Thanks.
>
>d/
>-- 
>
>   Dave Crocker
>   Brandenburg InternetWorking
>   bbiw.net

v2.23.0 | Report a Bug | By Email