Re: [Tsv-art] Tsvart last call review of draft-ietf-drip-auth-43

Adam Wiethuechter <adam.wiethuechter@axenterprize.com> Wed, 20 December 2023 16:08 UTC

From: Adam Wiethuechter <adam.wiethuechter@axenterprize.com>
To: "tsv-art@ietf.org" <tsv-art@ietf.org>, Gorry Fairhurst <gorry@erg.abdn.ac.uk>
CC: "draft-ietf-drip-auth.all@ietf.org" <draft-ietf-drip-auth.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "tm-rid@ietf.org" <tm-rid@ietf.org>
Date: Wed, 20 Dec 2023 16:07:58 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/fz9nhWD8yKCo-HT9xm5oh8aMvKI>

Thanks for the review. Your comments have been added to [1] and shall be addressed by the end of LC.

[1] https://github.com/ietf-wg-drip/draft-ietf-drip-auth/issues

--------
73,
Adam T. Wiethuechter
Software Engineer; AX Enterprize, LLC
________________________________
From: Gorry Fairhurst via Datatracker <noreply@ietf.org>
Sent: Wednesday, December 20, 2023 4:55 AM
To: tsv-art@ietf.org <tsv-art@ietf.org>
Cc: draft-ietf-drip-auth.all@ietf.org <draft-ietf-drip-auth.all@ietf.org>; last-call@ietf.org <last-call@ietf.org>; tm-rid@ietf.org <tm-rid@ietf.org>
Subject: Tsvart last call review of draft-ietf-drip-auth-43

Reviewer: Gorry Fairhurst
Review result: Ready with Issues

Thanks for writing this document.

This document has been reviewed as part of the transport area review team's
ongoing effort to review key IETF documents. These comments were written
primarily for the transport area directors, but are copied to the document's
authors and WG to allow them to address any issues raised and also to the IETF
discussion list for information.

When done at the time of IETF Last Call, the authors should consider this
review as part of the last-call comments they receive. Please always CC
tsv-art@ietf.org if you reply to or forward this review.

The protocol defines a format and a set of security procedures. It uses two
transmission modes, but does not appear to use IETF-defined transports. I did
not identify any critical transport issues.

In reviewing I did find some topics that I think do not relate to the
technical content, but I think ought to be resolved to finish the publication:

1. Section 3 is entitled “Background” and yet it makes requirements. This, to
me, seems an odd title. I would strongly suggest a better title for the
section, even if that happens to be as benign as “DRIP Authentication
Procedure”.

2. The appendices might be normative? It would be helpful to state whether the
appendices are normative or informative? - It seems the latter?

3. The IANA procedures do not clearly explain the role of IANA, but almost
do... Please check. For instance, does the following result in a request by
IANA to the review team, or by the requester directly to the team?
“Registration requests MUST be sent to drip-reg-review@ietf.org
   (mailto:drip-reg-review@ietf.org) and be evaluated within a three-
   week review period on the advice of one or more designated experts.“
===

I have some editorial comments that might be addressed to provide clarification:

I found the following sentence a little hard to parse - it likely could be made
easier to read?: “Note however that if Length octets was exhausted
   exactly at the end of an Authentication Page then the Additional Data
   Length field will occupy the first octet of the following page the
   remainder of which under DRIP will be null padded.”

Later, in 6.2:
“Without any fragmentation or loss of pages with transmission FEC
   (Section 5) MUST NOT be used as it is impractical.”
- Requiring something to not be used because it is impractical seems like an
incomplete statement, especially since this seems to depend on loss in some
way; I suspect the sentence could be easily reworded to say what the
constraint is.

This seems like an oddly phrased requirement:
“It is REQUIRED that a UA send the following DRIP Authentication
   Formats to fulfill the requirements in [RFC9153]:”
- when the requirement itself is followed by a set of keywords stating
requirements. Is this a lower case “required”?

I was unsure what is actually intended here, why a “few” and possibly a missing
word somewhere? “In Extended Transports, the hash is over the Message Pack so
only few hashes need to be in a Manifest.”

Could you better explain “radically”, does the hash change (slightly?) when the
content is static, it was not clear to me how? “This message content is static;
its hash never changes radically.”

The intent of the sentence below was not clear to me (although it might be
explained later, this requirement seems incomplete). It would be nice if the
sentence with the keyword clearly explained the requirement, is “as-is” related
to sending messages also with another encoding?: “The DRIP Wrapper MUST NOT be
used in place of sending the ASTM messages as is.”