RE: Comments on draft-ietf-trade-iotp-v1.0-protocol-05.txt Part 2
Rudolf Hornig <rudolf@metechnology.com> Mon, 06 September 1999 09:35 UTC
Received: from one.eListX.com (one.elistx.com [209.116.252.130]) by ietf.org (8.9.1a/8.9.1a) with SMTP id FAA10739 for <trade-archive@odin.ietf.org>; Mon, 6 Sep 1999 05:35:07 -0400 (EDT)
Received: by one.eListX.com id aa11870; 6 Sep 99 05:31 EDT
Received: from one.elistx.com by one.eListX.com id aa11722; 6 Sep 99 04:52 EDT
Received: from matavnet.hu by one.eListX.com id aa11707; 6 Sep 99 04:50 EDT
Received: (qmail 28901 invoked from network); 6 Sep 1999 10:51:29 +0200
Received: from line-211-200.dial.matav.net (HELO apps) (145.236.211.200) by mail.matav.hu with SMTP; 6 Sep 1999 10:51:29 +0200
Received: from 10.0.0.10 by apps ([10.0.0.1] running VPOP3) with SMTP; Mon, 6 Sep 1999 10:51:00 +0200
Reply-To: rudolf@metechnology.com
MMDF-Warning: Parse error in original version of preceding line at one.eListX.com
From: Rudolf Hornig <rudolf@metechnology.com>
To: 'David Burdett' <david.burdett@commerceone.com>, "'IOTP Trade List (E-mail)'" <ietf-trade@lists.eListX.com>
Subject: RE: Comments on draft-ietf-trade-iotp-v1.0-protocol-05.txt Part 2
Date: Mon, 06 Sep 1999 10:50:59 +0200
Message-ID: <000001bef844$f1ba1000$0a00000a@rudolf>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
In-Reply-To: <123B7EB05559D311B0D900A0C9EA3D7604F206@NEPTUNE>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211
X-Server: VPOP3 V1.3.0b - Registered to: Me Technology
Sender: ietf-trade-owner@lists.eListX.com
Precedence: bulk
X-elistx: ietf-trade
Source-Info: From (or Sender) name not authenticated.
Content-Transfer-Encoding: 7bit
Hello David, > ==================================================================== > 7.6.1.1 Organisation IDs > RH> ComsumerOrgId is case sensitive however NonConsumerOrgId is > RH> case insensitive. This may cause confusion... and in this > RH> case the third example should be: > RH> "Consumer:1000247ABH/newjerseybooks.com" > RH> starting with a capital letter... > ##Propose making ConsumerOrgId case insensitive. Do you agree?## RH> That's the best solution... I agree 100%. > ==================================================================== > RH> ErrorLogNetLocn is mandatory for non consumer roles. > RH> Because there are no mechanisms defined for authenication > RH> on this channel and it is not secured, this type > RH> of logging may introduce security holes. (maybe the > RH> error component, the Consumer is sending, contains also > RH> some previous XML message, which contains sensitive information) > ## There shouldn't be a security hole of this type since the > content of > earlier messages is never included when reporting an error. > At most you > might include just the element or attribute value that was in error.## RH> Ok I agree, but even the TransID component could contain sensitive RH> information. For example to authorise and inquiry transaction. RH> (IotpTransId and TransTimeStamp) > RH> Because all the error components should be sent back to the > RH> counterparty, I would suggest to let the server roles implement > RH> their own logging facility. Or I would make the ErrorLogNetLocn > RH> optional... Hints on this ??? > ##Disagree. When we discussed this we thought it would be > simpler to always > include it and leave it to each implementation to decide what > they do with > error messages when they receive them. They could just ignore them.## This solution is OK. > ==================================================================== > RH> About DTD in general: > RH> PackagedContent, ContactInfo, PersonName, PostalAddress, > RH> ProtocolBrand, DeliveryData, ErrorLocation, Manifest, > RH> Digest, Attribute, OriginatorInfo, RecipientInfo, > RH> Parameter, IssuerAndSerialNumber and Locator Elements > RH> doesn't have ID attribute. As even for IOTP extensions > RH> it is a requirement to have ID attribute, it would be nice > RH> to have also on all element in IOTP DTD. > ## I don't have a really stron view on this. Putting in ID's > could make > error reporting simpler since you can specifically identify > the instance of > an element that was on error. On the other hand this is a fairly major > change at this stage and I'm not sure it would be worth it. > What do others > thing?## RH> The idea behind my suggestion was to have some common way to RH> identify an element/component/block etc. which could be used RH> the same way during error reporting, signing the elements and RH> would make, for example an IOTP Message Parser/Generator's RH> implementation much more clear. In this case we could have RH> a common way to identify all elements in an IotpMessage. RH> On the other hand I 100% agree with you not to diturb the RH> draft if it doesn't worth... > ... > RH> The digital signature part is not consistent regarding > RH> capitalisation in attribuite naming. > ## This is because its following the conventions in the IOTP > dsig spec. One > thought going through my mind is whether or not to include > (by copying) the > dsig DTD into the IOTP DTD. You could just leave it separate and use > namespaces to identify which each belonged to. But then do we want to > introduce the requirement that namespaces are used at this > late stage when > you don't really need them. Thoughts everyone?## RH> I think copying the DTD is ok. I wouldn't introduce namespaces RH> if it could be avoided... Rudi -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rudolf Hornig (Rudolf@MeTechnology.com), Project Manager MeTechnology Ltd. Hungary - a Brokat Company -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ----------------------------------------------------------------------- Message addressed to: ietf-trade@lists.elistx.com Archive available at: http://www.elistx.com/archives/ietf-trade/ To (un)subscribe send a message with "subscribe" or "unsubscribe" in the body to: ietf-trade-request@lists.elistx.com
- Re: Comments on draft-ietf-trade-iotp-v1.0-protoc… Donald E. Eastlake 3rd
- RE: Comments on draft-ietf-trade-iotp-v1.0-protoc… Rudolf Hornig
- RE: Comments on draft-ietf-trade-iotp-v1.0-protoc… David Burdett
- Comments on draft-ietf-trade-iotp-v1.0-protocol-0… Rudolf Hornig