[xmpp] Benoit Claise's No Objection on draft-ietf-xmpp-dna-10: (with COMMENT)

"Benoit Claise" <bclaise@cisco.com> Thu, 06 August 2015 10:33 UTC

Return-Path: <bclaise@cisco.com>
X-Original-To: xmpp@ietfa.amsl.com
Delivered-To: xmpp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 042FC1B2C4B; Thu, 6 Aug 2015 03:33:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gtq1_9PcKA9w; Thu, 6 Aug 2015 03:33:42 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2998E1B2C48; Thu, 6 Aug 2015 03:33:42 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "Benoit Claise" <bclaise@cisco.com>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.3.0.p1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150806103342.2703.18148.idtracker@ietfa.amsl.com>
Date: Thu, 06 Aug 2015 03:33:42 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/xmpp/h-mw21z3Yv9wKE41GY5CUhtJM60>
Cc: draft-ietf-xmpp-dna.ad@ietf.org, draft-ietf-xmpp-dna@ietf.org, xmpp-chairs@ietf.org, xmpp@ietf.org, mjethanandani@gmail.com, draft-ietf-xmpp-dna.shepherd@ietf.org
Subject: [xmpp] Benoit Claise's No Objection on draft-ietf-xmpp-dna-10: (with COMMENT)
X-BeenThere: xmpp@ietf.org
X-Mailman-Version: 2.1.15
List-Id: XMPP Working Group <xmpp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/xmpp>, <mailto:xmpp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/xmpp/>
List-Post: <mailto:xmpp@ietf.org>
List-Help: <mailto:xmpp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/xmpp>, <mailto:xmpp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Aug 2015 10:33:45 -0000

Benoit Claise has entered the following ballot position for
draft-ietf-xmpp-dna-10: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-xmpp-dna/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

The conversation started between Mahesh (OPS-DIR reviewer) and the
authors on the following points:

Summary: 

This document defines new “prooftype” used to establish a strong
association between a domain name and an XML stream. There are two
companion documents draft-ietf-xmpp-posh-04 and draft-ietf-dane-srv-12
that should be viewed as part of reviewing this document.

If there are any management requirements to configure the new
“prooftype”, they have not been discussed as part of this document. I did
not review the companion documents to see if management of the feature
has been addressed in them. This document should talk about how the
feature will be managed, even if it means referring to relevant sections
of the other documents. If there is a need to define a YANG model to
configure the feature, it should be identified, even if it is not defined
in this document.

>From an operational perspective, it would be helpful to know how this
would be deployed in the field. Are there any issues beyond certificate
configuration that operators should be aware of? Some of the services are
replacements for existing services, e.g. DNS with secure DNS. How would
the operators role out the service in the field with existing
service(s)?

Section 3:

The document talks about establishing a client to server Domain Name
Association (DNA) in this section. This is a simpler case of the server
to server DNA. However, it is not clear what happens if the certificate
verification fails. Is the behavior the same as when a self-signed
certificate is presented? Is there a fallback process or does the session
just terminate?

In addition, the following nits should be addressed in the document.

  Checking nits according to http://www.ietf.org/id-info/checklist :
 
----------------------------------------------------------------------------

  == There are 2 instances of lines with non-RFC2606-compliant FQDNs in
the
     document.


  Checking references for intended status: Proposed Standard
 
----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative
references
     to lower-maturity documents in RFCs)

  == Outdated reference: A later version (-14) exists of
     draft-ietf-dane-srv-12

  ** Downref: Normative reference to an Informational RFC: RFC 4949

  -- Possible downref: Non-RFC (?) normative reference: ref. 'XEP-0220'

  == Outdated reference: draft-ietf-uta-xmpp has been published as RFC
7590

  -- Obsolete informational reference (is this intentional?): RFC 3920
     (Obsoleted by RFC 6120)


     Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 3 comments
(—).


Thanks.