[xmpp] Stephen Farrell's No Objection on draft-ietf-xmpp-posh-04: (with COMMENT)

"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Wed, 05 August 2015 15:04 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE86C1B2FE3; Wed, 5 Aug 2015 08:04:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wh7hyvFpcrzf; Wed, 5 Aug 2015 08:04:04 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A831D1B30AC; Wed, 5 Aug 2015 08:02:44 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.3.0.p1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150805150244.8466.87044.idtracker@ietfa.amsl.com>
Date: Wed, 05 Aug 2015 08:02:44 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/xmpp/TE5rsEM27CSPDsYQKD3ZO0_RjK0>
Cc: draft-ietf-xmpp-posh.shepherd@ietf.org, xmpp-chairs@ietf.org, xmpp@ietf.org, draft-ietf-xmpp-posh.ad@ietf.org, draft-ietf-xmpp-posh@ietf.org
Subject: [xmpp] Stephen Farrell's No Objection on draft-ietf-xmpp-posh-04: (with COMMENT)
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.15
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Aug 2015 15:04:06 -0000

Stephen Farrell has entered the following ballot position for
draft-ietf-xmpp-posh-04: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-xmpp-posh/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------



3.1: fingerprints: sigh, I wish we could agree to just
do this kind of thing a few times and not re-do it over
and over and over (but we always do;-). RFC6920 could
probably have been used there (caveat lector: that's an
RFC I'm a co-author on). 

3.1: fingerprints - your hash input here is the entire
cert so the value will be out of date when a cert
expires (or is revoked). While 3.3 makes clear that
a match on any of these is ok, I think it'd be good
to say here that the hashes may be of different certs. 
You do clarify in section 7, but I'd suggest moving
section 7 into 3.1 myself. (I don't object if you
prefer to not change though.)

3.2: A "MUST use HTTPS" statement might have been nice
there. It's not absolutely needed but would maybe be
something to help an implementer not get this wrong by
just using some generic URL handling library without a
check for scheme==https.

section 6: surely the cache expiry ought be the earliest
of the possibly two POST expires or the X.509 notAfter?

section 8: see my comments on draft-dna, I think the
.well-known URIs should be here and not there. But
it works as-is too, even if ickky:-)

section 8: I dislike the "{servicedesc}" thing, but
that's just me. Breaking down servicedesc further into
"{service}.{proto}" is worse though, I don't get why
that's a good idea at all, nor the "_" convention. If
you want/need all that you should've just registered
"posh" as a well-known and then said the the rest of the
pathname was whatever structure you needed and not
possibly end up registering loads of DNA .well-known
URLs.

section 9: section 8 is IMO an IANA section, so you're
fibbing here:-)

- 11.2: odd one this but [HASH-NAMES] might be better
in 11.1. I won't try force you to do that though as
it may be messy.