Re: [Uta] [OPS-DIR] Opsdir early review of draft-ietf-uta-rfc6125bis-08
Warren Kumari <warren@kumari.net> Fri, 16 December 2022 22:41 UTC
Return-Path: <warren@kumari.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8CEE0C1524B2 for <uta@ietfa.amsl.com>; Fri, 16 Dec 2022 14:41:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O4mxMZh2ABL0 for <uta@ietfa.amsl.com>; Fri, 16 Dec 2022 14:41:35 -0800 (PST)
Received: from mail-qk1-x72a.google.com (mail-qk1-x72a.google.com [IPv6:2607:f8b0:4864:20::72a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CABB6C14F722 for <uta@ietf.org>; Fri, 16 Dec 2022 14:41:35 -0800 (PST)
Received: by mail-qk1-x72a.google.com with SMTP id c9so1547791qko.6 for <uta@ietf.org>; Fri, 16 Dec 2022 14:41:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari.net; s=google; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=7Nr3TfCxfBVYtcOsyHshlGvUHkrcoIn7HfctihjxwR0=; b=MGNCKVuFcViUfxv4gr/m3chJbPBqo6ZdA0WHAADN/NCQf7xDWvpMyvPJWuE30AToXi aECMr2dOb1EAyIMEWDEeDWgafV9RGsyyMr6hINPfhiufzxOpFxwblSAQTQHIFSqjw44H h9XSbnHGbAb7tm8L9d0T70nR336dIkUDIH/oMr4ADkmQ2VbWdsOz8RIswTP8HyL3dbc7 GnfJQmv/krTWh3rmPyhPHsjN6YGd7To8k1R6EpaIetNkgdHylyrULddiPVZ0mbxFA9VN n0I/rguG4mJfmFPXlXONEk+WOL7GexNTZDbyB/T3b5wmsE+5KFc/MC6Lo8kJyB3LYHNH w92g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=7Nr3TfCxfBVYtcOsyHshlGvUHkrcoIn7HfctihjxwR0=; b=jGeGZWQpsxW2ztxLjEg+R3icSGSsDi52uS8I2V+GiP8OYixMCD0U0h4EMxwK0ypDXd xNhwKg7zmbnh1lUDe1MftEW71+yPTSWzs7kUjY2OuoFjUb1S0Bl4z+1MU7lfDaMSys6h EOtMcyh5ukRgYvBJrQJEUipN9aos8tSjiWY5gum3E6kmI0deAyxMeBbbQgFbnDy9geBG 8DQ1bzDqFhRZFmcZEN7+f67WV7jgZYnmtldqe1fG9VG5W/ntWl5ZAYRjeVf/Y7GtL0Tf axbpPNsEcNdDrCJuzkdKzgSi5ibYtOD16cgrap3TyNxBlLjsQqulIscboMmg+fpbPRhm Kd8Q==
X-Gm-Message-State: AFqh2koiSLmn+JRm95Un1gtVLRkqIv8up5wSrAOEoO6C50Sr3Gtt+Bqf SJZNsFdic6X+LSmxUMg6eezMDI02ml6zhTpf7MEO9w==
X-Google-Smtp-Source: AMrXdXvooUTnLArvyRDEnI8ESoM6ro4apU3jqQEqVGB95NnD7AEai5u51Qx5MZ+SiFTBSY2jdUrzZXHKxcjxnp6NmWc=
X-Received: by 2002:ae9:e111:0:b0:702:2f59:f4e with SMTP id g17-20020ae9e111000000b007022f590f4emr23897qkm.93.1671230493999; Fri, 16 Dec 2022 14:41:33 -0800 (PST)
Received: from 649336022844 named unknown by gmailapi.google.com with HTTPREST; Fri, 16 Dec 2022 17:41:33 -0500
Mime-Version: 1.0
In-Reply-To: <167118898179.47169.9284386753511380472@ietfa.amsl.com>
References: <167118898179.47169.9284386753511380472@ietfa.amsl.com>
X-Superhuman-Draft-ID: draft00b004a1e44c2c4e
From: Warren Kumari <warren@kumari.net>
X-Mailer: Superhuman iOS 10278
X-Superhuman-ID: lbr3h1zh.02f3df16-e8ab-4d59-9220-fcbb589ef006
Date: Fri, 16 Dec 2022 17:41:33 -0500
Message-ID: <CAHw9_iLMSC1o480XBgHNbxe4ZO+EVOSBxZO3O17D=CYwyuvGsQ@mail.gmail.com>
To: Qin Wu <bill.wu@huawei.com>
Cc: ops-dir@ietf.org, draft-ietf-uta-rfc6125bis.all@ietf.org, uta@ietf.org
Content-Type: multipart/alternative; boundary="000000000000eed8d505eff9ab5c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/ZU41ZpClm0L08PGyp2ooXmxZfZE>
Subject: Re: [Uta] [OPS-DIR] Opsdir early review of draft-ietf-uta-rfc6125bis-08
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Dec 2022 22:41:39 -0000
Just a very quick note to say thank you for the OpsDir review; it's much appreciated. W On Fri, Dec 16 2022 at 6:09 AM, Qin Wu <noreply@ietf.org> wrote: > Reviewer: Qin Wu > Review result: Has Nits > > I have reviewed this document as part of the Operational directorate's > ongoing effort to review all IETF documents being processed by the IESG. > These comments were written with the intent of improving the operational > aspects of the IETF drafts. Comments that are not addressed in last call > may be included in AD reviews during the IESG review. Document editors and > WG chairs should treat these comments just like any other last call > comments. > > This document specifies procedures for representing and verifying the > application services identity in TLS interaction with PKI X.509 > certificates. > > I believe this document is well written and ready for publication. > > Major issue: > No > > Minor issues: > 1.Section 1.2 Applicability > s/ cetrificate/certificate > > 2. Delegated domain definition > “ For example, a server at mail.example.net could be a delegated domain > for connecting to an IMAP server hosting an email address of > user@example.net. ” I can not parse this sentence, is the server a > delegated domain? Which domain is the source domain? Which domain is > delegated domain ? please make this clear in the example. 3.Section 2 > Identifying Application Service What is meaning difference between _direct_ > and direct or _indirect_ and indirect? In section 2, sometimes > _direct_/_indirect_ is used, sometimes direct/indirect is used. > > 4.Section 2 said: > “ We can categorize the three identifier types as follows: > > * A DNS-ID is direct and unrestricted. > > * An IP-ID is direct and unrestricted. > > * An SRV-ID is typically indirect but can be direct, and is > restricted. > > * A URI-ID is direct and restricted. > ” > Three identifier types or four identifier types? My impression is the > latter. > > 5.Section 2 > s/possibile/possible > > 6.Section 3 said: > “In this case, applications need > to be aware that the textual representation of an IPv4 address can > appear to be a valid DNS name, though it is not. ” it in the text ‘though > it is not’ is referred to digit representation of an IPv4 address? Or not? > > 7.Section 7.1 > I am surprised there is no protection measures to mitigate risk of > vouching for rogue or buggy hosts in this document? > > _______________________________________________ > OPS-DIR mailing list > OPS-DIR@ietf.org > https://www.ietf.org/mailman/listinfo/ops-dir >
- [Uta] Opsdir early review of draft-ietf-uta-rfc61… Qin Wu via Datatracker
- Re: [Uta] [OPS-DIR] Opsdir early review of draft-… Warren Kumari
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Peter Saint-Andre
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Qin Wu
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Peter Saint-Andre
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Qin Wu
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Peter Saint-Andre
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Peter Saint-Andre
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Qin Wu
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Martin Thomson
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Qin Wu