headers
Francis Dupont | 2 Nov 2009 16:14
Picon

review of draft-ietf-hokey-preauth-ps-09.txt

I have been selected as the General Area Review Team (Gen-ART) 
reviewer for this draft (for background on Gen-ART, please see 
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). 

Please resolve these comments along with any other Last Call comments 
you may receive. 

Document: draft-ietf-hokey-preauth-ps-09.txt
Reviewer: Francis Dupont
Review Date: 2009/10/29
IETF LC End Date: 2009/10/21
IESG Telechat date: unknown

Summary: Ready

Major issues: None

Minor issues: None

Nits/editorial comments: 
 - Abstract page 2: Extensible Authentication Protocol -> ... (EAP)

 - Introduction page 4: authentication and authorization -> plural
  (this -> these, requires -> require)

 - 3.3.1 page 8: two forms:. ... -> two forms: horizontal and vertical.
  (or: Horizontal and Vertical.)

 - 5 page 10: portion -> part?
(Continue reading)

Permalink | Reply | 2 comments |
headers
Francis Dupont | 2 Nov 2009 16:33
Picon

review of draft-ietf-6man-overlap-fragment-03.txt

I have been selected as the General Area Review Team (Gen-ART) 
reviewer for this draft (for background on Gen-ART, please see 
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). 

Please resolve these comments along with any other Last Call comments 
you may receive. 

Document: draft-ietf-6man-overlap-fragment-03.txt
Reviewer: Francis Dupont
Review Date: 2009-10-29
IETF LC End Date: 2009-11-02
IESG Telechat date: unknown

Summary: Ready

Major issues: None

Minor issues: None

Personal comment as a IPv6 implementor: overlapping fragments have no
utility in IPv6 so I never added code to support them. BTW the specs
just didn't disallow them (at explained in the introduction but not
in the Abstract) and most implementors didn't care. Some lazy copied
the IPv4 code and removed the overlap support to get something simpler,
some are so lazy they kept everything... But to explicitely disallow
them is the right idea.
BTW I remember an old paper about BRO (before the IDSs :-) where a
fragmentation/segmentation overlap was found bad, so it is not new
(i.e., it is older than IPv6...).
(Continue reading)

Permalink | Reply | 0 comments |
headers
Qin Wu | 3 Nov 2009 03:59
Favicon

Re: review of draft-ietf-hokey-preauth-ps-09.txt

Hi,
Thank for your taking time review. We will take care of your precious comments soon!

Regards!
-Qin 
----- Original Message ----- 
From: "Francis Dupont" <Francis.Dupont <at> fdupont.fr>
To: <gen-art <at> ietf.org>
Cc: <yohba <at> tari.toshiba.com>; <sunseawq <at> huawei.com>; <gwz <at> net-zen.net>; <tim.polk <at> nist.gov>
Sent: Monday, November 02, 2009 11:14 PM
Subject: review of draft-ietf-hokey-preauth-ps-09.txt

>I have been selected as the General Area Review Team (Gen-ART) 
> reviewer for this draft (for background on Gen-ART, please see 
> http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). 
> 
> Please resolve these comments along with any other Last Call comments 
> you may receive. 
> 
> Document: draft-ietf-hokey-preauth-ps-09.txt
> Reviewer: Francis Dupont
> Review Date: 2009/10/29
> IETF LC End Date: 2009/10/21
> IESG Telechat date: unknown
> 
> Summary: Ready
> 
> Major issues: None
> 
> Minor issues: None
(Continue reading)

Permalink | Reply | 0 comments |
headers
Gonzalo Camarillo | 4 Nov 2009 12:34
Picon
Favicon

Re: Gen-art review of draft-ietf-mmusic-rfc3388bis-03.txt

Hi Elwyn,

thanks for your review. Answers inline:

Elwyn Davies wrote:
> I have been selected as the General Area Review Team (Gen-ART)
> reviewer for this draft (for background on Gen-ART, please see
> _http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html_).
> 
> Please resolve these comments along with any other Last Call comments
> you may receive.
> 
> [Apologies fhe late review. I missed the assignment while I was away on 
> holiday.]
> 
> Document: draft-ietf-mmusic-rfc3388bis-03.txt
> Reviewer: Elwyn Davies
> Review Date: 17 October 2009
> IETF LC End Date: 14 October 2009
> IESG Telechat date: (if known) -
> 
> Summary: Almost ready.  Couple of minor nits only.
> Major issues: 0
> 
> Minor issues: 2
> ss4 and 5:  Technically the BNF in these sections is ABNF (since it adds 
> to that in RFC 4566). It should therefore be described as such and refer 
> to RFC 4234.

I fixed this while addressing the discusses this document got.
(Continue reading)

Permalink | Reply | 2 comments |
headers
Elwyn Davies | 4 Nov 2009 20:49

Re: Gen-art review of draft-ietf-mmusic-rfc3388bis-03.txt

Gonzalo Camarillo wrote:
> Hi Elwyn,
>
> thanks for your review. Answers inline:
>
> Elwyn Davies wrote:
>> I have been selected as the General Area Review Team (Gen-ART)
>> reviewer for this draft (for background on Gen-ART, please see
>> _http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html_).
>>
>> Please resolve these comments along with any other Last Call comments
>> you may receive.
>>
>> [Apologies fhe late review. I missed the assignment while I was away 
>> on holiday.]
>>
>> Document: draft-ietf-mmusic-rfc3388bis-03.txt
>> Reviewer: Elwyn Davies
>> Review Date: 17 October 2009
>> IETF LC End Date: 14 October 2009
>> IESG Telechat date: (if known) -
>>
>> Summary: Almost ready.  Couple of minor nits only.
>> Major issues: 0
>>
>> Minor issues: 2
>> ss4 and 5:  Technically the BNF in these sections is ABNF (since it 
>> adds to that in RFC 4566). It should therefore be described as such 
>> and refer to RFC 4234.
>
(Continue reading)

Permalink | Reply | 1 comment |
headers
Gonzalo Camarillo | 6 Nov 2009 08:21
Picon
Favicon

Re: Gen-art review of draft-ietf-mmusic-rfc3388bis-03.txt

Hi Elwyn,

I have made the change you suggested. I will be submitting a new 
revision right after the blackout period.

Thanks,

Gonzalo

Elwyn Davies wrote:
> Gonzalo Camarillo wrote:
>> Hi Elwyn,
>>
>> thanks for your review. Answers inline:
>>
>> Elwyn Davies wrote:
>>> I have been selected as the General Area Review Team (Gen-ART)
>>> reviewer for this draft (for background on Gen-ART, please see
>>> _http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html_).
>>>
>>> Please resolve these comments along with any other Last Call comments
>>> you may receive.
>>>
>>> [Apologies fhe late review. I missed the assignment while I was away 
>>> on holiday.]
>>>
>>> Document: draft-ietf-mmusic-rfc3388bis-03.txt
>>> Reviewer: Elwyn Davies
>>> Review Date: 17 October 2009
>>> IETF LC End Date: 14 October 2009
(Continue reading)

Permalink | Reply | 0 comments |
headers
Mary Barnes | 7 Nov 2009 08:44
Favicon

A *new* batch of IETF LC reviews - 5 Nov 2009

Hi all,

Here's the link to the new LC assignments for this week:
http://www.softarmor.com/rai/temp-gen-art/reviewers-091105-lc.html

The assignments are captured in the spreadsheets:
http://www.softarmor.com/rai/temp-gen-art/gen-art.html
http://www.softarmor.com/rai/temp-gen-art/gen-art-by-reviewer.html

The standard template is included below.
Thanks,
Mary.

-------------------------------------------------------------------
I have been selected as the General Area Review Team (Gen-ART)
reviewer for this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please resolve these comments along with any other Last Call comments
you may receive.

Document:
Reviewer:
Review Date:
IETF LC End Date:
IESG Telechat date: (if known)

Summary:

Major issues:

Minor issues:

Nits/editorial comments:





_______________________________________________
Gen-art mailing list
Gen-art <at> ietf.org
https://www.ietf.org/mailman/listinfo/gen-art
Permalink | Reply | 0 comments |
headers
Avshalom Houri | 10 Nov 2009 11:25
Picon
Favicon

Gen Art LC review of draft-hammer-oauth-03

I have been selected as the General Area Review Team (Gen-ART)
reviewer for this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-hammer-oauth-03
Reviewer: Avshalom Houri
Review Date: 2009-11-10
IETF LC End Date: 2009-11-06
IESG Telechat date: (if known)

Summary: Draft is almost ready. Needs some more work to improve readability and structure.

Major issues:

Section 3.3.1.1.  Collect Request Parameters. It is very hard to understand this whole section. It seems that it belongs more to the later parts of the document.

Minor issues:

Lines 421-423:
   nor does it include most HTTP entity-headers.  The importance of the
   signature base string scope is that the authenticity of the excluded
   components cannot be verified using the signature.

Could not understand the sentence starting with "The importance"

Lines 627-636
   4.  If the URI includes an empty path, it MUST be included as "/".

   For example:

   +----------------------------------+-------------------------------+
   | The request URI                  | Is included in base string as |
   +----------------------------------+-------------------------------+
   | HTTP://EXAMPLE.com:80/r/x?id=123 | http://example.com/r/x        |
   | https://example.net:8080?q=1#top | https://example.net:8080/     |
   +----------------------------------+-------------------------------+

Does it mean that the granularity here is only for whole resource? If so
it should be mentioned somewhere.

Section 4. Redirection-Based Authorization seems to be more correctly placed in the beginning of the document.

Section 6. Security Considerations

I like the detailed explanations but it may be good to have some preface that will describe the class of threats described etc.

Appendix should be part of the document as an example.

Nits/editorial comments:

Line: 360:
   A nonce is a random string, uniquely generated to allows the server
->    A nonce is a random string, uniquely generated to allow the server

Line 378:
  client needs to prove it is the rightful owner of the credentials.
->    client needs to prove that it is the rightful owner of the credentials.

Line 405:
   (or a sting of an equivalent value), and includes it in the
->    (or a string of an equivalent value), and includes it in the


Thanks & sorry for the late review
--Avshalom


_______________________________________________
Gen-art mailing list
Gen-art <at> ietf.org
https://www.ietf.org/mailman/listinfo/gen-art
Permalink | Reply | 1 comment |
headers
Henrik Levkowetz | 11 Nov 2009 09:12
Gravatar

WG Chairs' Beer Evening in Hiroshima

Hi,

    You're all welcome to the traditional WG Chair's beer evening after
the Plenary on Wednesday, in the Kemby's Cafe, a short walk from the
ANA hotel.  Here's a google map showing where:

  http://maps.google.com/maps?q=kemby%27s&sspn=0.010978,0.015063&ll=34.39163,132.45689&iwloc=A

You'll probably want to try the Asahi Dark lager -- I first tried it during
the Yokohama IETF, and it was then one of the better dark lager I'd tasted.

Best,

	Henrik
Permalink | Reply | 0 comments |
headers
Brian E Carpenter | 12 Nov 2009 02:09
Picon

Gen-ART LC review of draft-dusseault-http-patch-15.txt

gmane.ietf.general
I have been selected as the General Area Review Team (Gen-ART) reviewer
for this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please resolve these comments along with any other Last Call comments
you may receive.

Document: draft-dusseault-http-patch-15.txt
Reviewer: Brian Carpenter
Review Date: 2009-11-12
IETF LC End Date: 2009-11-24
IESG Telechat date: 

Summary: Issue with transactional integrity
--------

Comment:   
--------

I have not had time to follow all the Last Call comments on the IETF list.
Apologies for any overlap.

Major issues:
-------------

As far as I can tell, the proposal places the burden for ensuring
atomicity entirely on the server. However, PATCH is explicitly not 
idempotent. If a client issues a PATCH, and the server executes the PATCH,
but the client then fails to receive an indication of success due to
an extraneous network glitch (and TCP reset?), then what prevents the client
issuing the same PATCH again? In other words, absent a two-phase commit,
there appears to be no transactional integrity.

If I have understood this correctly, PATCH is not only not safe in
the RFC2616 sense, it is not transactionally safe either, so the state
of the resource after {PATCH, lost response code, PATCH} is undefined.

I don't believe that the non-normative words starting "Clients wishing to 
apply a patch document to a known entity..." are anything like enough to 
fix this problem. I don't know enough to know whether some normative text
using ETag is sufficient (it's clear from the draft that If-Unmodified-Since
is insufficient). This doesn't seem easy to fix without adding a 
"ready to commit"/"commit" exchange, which also needs transaction IDs 
(perhaps based on strong ETags) and a new state machine at each end.

I'd be glad to learn that I'm missing something.
_______________________________________________
Gen-art mailing list
Gen-art <at> ietf.org
https://www.ietf.org/mailman/listinfo/gen-art
Permalink | Reply | 25 comments |

Gmane