Re: [Unbearable] A storm in a cup of tea (related to draft-ietf-tokbind-protocol-13)

Benjamin Kaduk <kaduk@mit.edu> Sun, 19 March 2017 19:44 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26DC512922E for <unbearable@ietfa.amsl.com>; Sun, 19 Mar 2017 12:44:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8E4HxrJLQKWo for <unbearable@ietfa.amsl.com>; Sun, 19 Mar 2017 12:44:32 -0700 (PDT)
Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A029C126DFB for <unbearable@ietf.org>; Sun, 19 Mar 2017 12:44:32 -0700 (PDT)
X-AuditID: 1209190f-203ff70000005dde-b6-58cedf9f94b3
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id 08.08.24030.F9FDEC85; Sun, 19 Mar 2017 15:44:31 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id v2JJiUYc008570; Sun, 19 Mar 2017 15:44:30 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v2JJiQ9r030332 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 19 Mar 2017 15:44:29 -0400
Date: Sun, 19 Mar 2017 14:44:26 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Leif Johansson <leifj@mnt.se>
Cc: unbearable@ietf.org
Message-ID: <20170319194425.GD30306@kduck.kaduk.org>
References: <468011f3-258a-405e-c883-18739486661f@free.fr> <d9544986-1b52-f341-079a-c9686a275e18@mnt.se>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <d9544986-1b52-f341-079a-c9686a275e18@mnt.se>
User-Agent: Mutt/1.6.1 (2016-04-27)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrJIsWRmVeSWpSXmKPExsUixCmqrDv//rkIgwV7ZCwa+2YwW5x7vJDJ gcljyZKfTB6blqcGMEVx2aSk5mSWpRbp2yVwZWx+8oy94A17Rd/v54wNjPPYuhg5OSQETCSW fW9h72Lk4hASaGOS2HKzlRHC2cgosWzjdjYI5yqTxIYJrcxdjBwcLAKqEkf3p4N0swmoSDR0 X2YGsUUEFCUefjnLDmIzC4hLzJyymxXEFhaIl9i7tQvM5gXatvfwOzBbSCBLYt+q2+wQcUGJ kzOfsED0aknc+PeSCWQVs4C0xPJ/HCBhTgErif6eqWAlogLKEg0zHjBPYBSYhaR7FpLuWQjd CxiZVzHKpuRW6eYmZuYUpybrFicn5uWlFuma6OVmluilppRuYgSHqCT/DsY5Dd6HGAU4GJV4 eG9cOhchxJpYVlyZe4hRkoNJSZT3nzpQiC8pP6UyI7E4I76oNCe1+BCjBAezkgjvjztAOd6U xMqq1KJ8mJQ0B4uSOK+4RmOEkEB6YklqdmpqQWoRTFaGg0NJgjf+HlCjYFFqempFWmZOCUKa iYMTZDgP0PBYkBre4oLE3OLMdIj8KUZFKXFey7tACQGQREZpHlwvKIVIZO+vecUoDvSKMO9O kHYeYPqB634FNJgJaPCyG2dABpckIqSkGhh3GgacWx62t+K3yfdZukKW7rf/rpM9bp3nK70u 9E9VdLWXH/NJ12VyJ36XW5qvsRN8oSC9as275/9m7Up/fbTkN999HXnZw/VPis8niUgf3fvf oS1HoTFVt1J/tkYfs/afVVn3HtZV9lyI4hY7JbRWbMfmrBjmyMtvJl84FLXdLIpbL01rvYoS S3FGoqEWc1FxIgAQIaQV/AIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/w3cIgFNaFpDah5E_7t1u6Wmlyag>
Subject: Re: [Unbearable] A storm in a cup of tea (related to draft-ietf-tokbind-protocol-13)
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Mar 2017 19:44:34 -0000

On Sun, Mar 19, 2017 at 08:32:05PM +0100, Leif Johansson wrote:
> 
> > Hence, up to now, I consider that this comment has not been solved to my
> > satisfaction.
> 
> I don't understand what, if any you want the chairs or the WG to do
> based on this email.

I thought it was pretty clear that he wanted the new "client
collusion" section added to the document and content moved to it.

But, to add to your other message in the thread, we should be clear
that his satisfaction is not required for the document to move
forward.  The chairs have an obligation to consider faithfully any
potential issues that he raises (even if they were raised in a
repetitive and overbearing manner) and see them resolved or
dismissed with WG (rough) consensus, but his role is mostly limited
to raising potential issues and participating in WG consensus.  It
is possible for individual participants to not be part of the WG
consensus, and thus for documents to proceed over their objections.

-Ben