[kitten] Gen-art LC review: draft-ietf-kitten-rfc6112bis-02


[kitten] Gen-art LC review: draft-ietf-kitten-rfc6112bis-02

Robert Sparks

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-kitten-rfc6112bis-02
Reviewer: Robert Sparks
Review Date: 21 Oct 2016
IETF LC End Date:  2 Nov 2016
IESG Telechat date: Not yet scheduled on a telechat

Summary: Ready with nits

Nits/editorial comments:

Shouldn't the IANA considerations instruct IANA to update the registries at http://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml to update the three rows that currently point to 6112 to point to this document instead (or at least in addition to 6112)?

Micro-nit: There is a 2119 MUST carried forward from RFC6112 that could be improved if the group is willing. "Care MUST be taken by the TGS to not reveal". I would suggest "The TGS MUST NOT reveal...". If you need to further highlight care, add a sentence that says "Implementers need to be particularly careful when addressing this requirement." It is a very small nit - please feel free to ignore it.



_______________________________________________
Kitten mailing list
[hidden email]
https://www.ietf.org/mailman/listinfo/kitten

Re: [kitten] Gen-art LC review: draft-ietf-kitten-rfc6112bis-02

Benjamin Kaduk-2
On Fri, 21 Oct 2016, Robert Sparks wrote:

> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
>
> For more information, please see the FAQ at
>
> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>
> Document: draft-ietf-kitten-rfc6112bis-02
> Reviewer: Robert Sparks
> Review Date: 21 Oct 2016
> IETF LC End Date: 2 Nov 2016
> IESG Telechat date: Not yet scheduled on a telechat
>
> Summary: Ready with nits
>
> Nits/editorial comments:
>
> Shouldn't the IANA considerations instruct IANA to update the registries at
> http://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml
> to update the three rows that currently point to 6112 to point to this
> document instead (or at least in addition to 6112)?

Yes, thanks for spotting that.

> Micro-nit: There is a 2119 MUST carried forward from RFC6112 that could be
> improved if the group is willing. "Care MUST be taken by the TGS to not
> reveal". I would suggest "The TGS MUST NOT reveal...". If you need to further
> highlight care, add a sentence that says "Implementers need to be particularly
> careful when addressing this requirement." It is a very small nit - please
> feel free to ignore it.

That looks like a good change to me.  Folks on kitten@, does anyone think
otherwise?  If we do not get any objections, I think we can include that
in an RFC Editor Note.

-Ben


Re: [kitten] Gen-art LC review: draft-ietf-kitten-rfc6112bis-02

Shawn M Emery
On 10/23/16 12:22 PM, Benjamin Kaduk wrote:

> On Fri, 21 Oct 2016, Robert Sparks wrote:
>
>> I am the assigned Gen-ART reviewer for this draft. The General Area
>> Review Team (Gen-ART) reviews all IETF documents being processed
>> by the IESG for the IETF Chair.  Please treat these comments just
>> like any other last call comments.
>>
>> For more information, please see the FAQ at
>>
>> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>>
>> Document: draft-ietf-kitten-rfc6112bis-02
>> Reviewer: Robert Sparks
>> Review Date: 21 Oct 2016
>> IETF LC End Date: 2 Nov 2016
>> IESG Telechat date: Not yet scheduled on a telechat
>>
>> Summary: Ready with nits
>>
>> Nits/editorial comments:
>>
>> Shouldn't the IANA considerations instruct IANA to update the registries at
>> http://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml
>> to update the three rows that currently point to 6112 to point to this
>> document instead (or at least in addition to 6112)?
> Yes, thanks for spotting that.

Yes, thank you for your review.

>> Micro-nit: There is a 2119 MUST carried forward from RFC6112 that could be
>> improved if the group is willing. "Care MUST be taken by the TGS to not
>> reveal". I would suggest "The TGS MUST NOT reveal...". If you need to further
>> highlight care, add a sentence that says "Implementers need to be particularly
>> careful when addressing this requirement." It is a very small nit - please
>> feel free to ignore it.
> That looks like a good change to me.  Folks on kitten@, does anyone think
> otherwise?  If we do not get any objections, I think we can include that
> in an RFC Editor Note.
>

Agreed, however I noticed another area that could use better 2119
language in regards to this.  Here are the proposed updates:

OLD:
Care MUST be taken by the KDC not to reveal the client's identity in the
authorization data of the returned ticket when populating the
authorization data in a returned anonymous ticket.
NEW:
The KDC MUST NOT reveal the client's identity in the authorization data
of the returned ticket when populating the authorization data in a
returned anonymous ticket.

OLD:
Care MUST be taken by the TGS not to reveal the client's identity in the
authorization data of the returned ticket.
NEW:
The TGS MUST NOT reveal the client's identity in the authorization data
of the returned ticket.


I have the following RFC Editor notes to date (including the above):

Section: 9.  Acknowledgements
-----------------------------------------
OLD:
9.  Acknowledgements
NEW:
9.  Acknowledgments

Greg Hudson and Robert Sparks had provided helpful text in the bis
version of the draft.

Section: 10.  IANA Considerations:
---------------------------------------------
<Note to IANA>

         Please update the following Kerberos Parameters registries:

         Well-Known Kerberos Principal Names
         Well-Known Kerberos Realm Names
         Pre-authentication and Typed Data

         to reference this RFC instead of RFC6112.

Shawn.
--


Re: [kitten] Gen-art LC review: draft-ietf-kitten-rfc6112bis-02

Benjamin Kaduk-2
On Mon, 24 Oct 2016, Shawn M Emery wrote:

>
> Agreed, however I noticed another area that could use better 2119 language in
> regards to this.  Here are the proposed updates:
>
> OLD:
> Care MUST be taken by the KDC not to reveal the client's identity in the
> authorization data of the returned ticket when populating the authorization
> data in a returned anonymous ticket.
> NEW:
> The KDC MUST NOT reveal the client's identity in the authorization data of the
> returned ticket when populating the authorization data in a returned anonymous
> ticket.
>
> OLD:
> Care MUST be taken by the TGS not to reveal the client's identity in the
> authorization data of the returned ticket.
> NEW:
> The TGS MUST NOT reveal the client's identity in the authorization data of the
> returned ticket.

Those do look like parallel constructions that should get the same
treatment.  Thanks for spotting it.

-Ben


[kitten] Gen-art Telechat review: draft-ietf-kitten-rfc6112bis-03

Robert Sparks

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please wait for direction from your
document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at

<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-kitten-rfc6112bis-03
Reviewer: Robert Sparks
Review Date: 28 Nov 2016
IETF LC End Date: 2 Nov 2016
IESG Telechat date: 1 Dec 2016

Summary: Ready for publication as Proposed Standard

Thanks for addressing my comments on -02



Re: [kitten] Gen-art Telechat review: draft-ietf-kitten-rfc6112bis-03

Jari Arkko-2
Thanks for your review, Robert, and thanks everyone for addressing the earlier comments.

Jari

