Personal Assertion Token (PASSporT) Extension for Resource Priority Authorization
draft-ietf-stir-rph-06
Yes
(Adam Roach)
(Spencer Dawkins)
No Objection
(Alexey Melnikov)
(Alissa Cooper)
(Alvaro Retana)
(Deborah Brungard)
(Eric Rescorla)
(Martin Vigoureux)
(Mirja Kühlewind)
(Suresh Krishnan)
(Terry Manderson)
No Record
Note: This ballot was opened for revision 03 and is now closed.
Adam Roach Former IESG member
Yes
Yes
(for -03)
Unknown
Ben Campbell Former IESG member
(was Discuss)
Yes
Yes
(2018-05-17 for -05)
Unknown
Thank you for addressing my first discussion point and comments. I still have a concern on the second discuss point:
§7.2:
o The verification of the signature MUST include means of verifying
that the signer is authoritative for the signed content of the
resource priority namespace in the PASSporT."
The authors explained via email that they expect this to depend on some ATIS work. I understand that such work is in progress, but has not reached the point of being citable. I don't want to see this document blocked on that work, so I cleared my discuss. However, I still think it would be a good idea to add some scoping text early in the document to the effect that this mechanism is intended for environments where some means of verifying that the signer is authoritative is available. (In addition to keeping the normative text in §7.2)
Spencer Dawkins Former IESG member
Yes
Yes
(for -03)
Unknown
Alexey Melnikov Former IESG member
No Objection
No Objection
(for -03)
Unknown
Alissa Cooper Former IESG member
No Objection
No Objection
(for -03)
Unknown
Alvaro Retana Former IESG member
No Objection
No Objection
(for -03)
Unknown
Benjamin Kaduk Former IESG member
No Objection
No Objection
(2018-04-18 for -03)
Unknown
I support Ben's discuss. Thank you for working with the secdir reviewer to address those comments; I think it will really improve the document. In a similar vein, I wonder if this document would be easier to read if it used less formal description terms for protocol elements that are currently referred to by using the actual protocol element (with quotes around the name). For example, "SIP resource priority header" instead of "'Resource-Priority' header field", or "priority indicator" instead of "'namespace"."priority value"'. I'm a little confused why the new registry created in Section 6.2 is tied to the "resource priority header" (rph) name, when the discussion in Section 5 has some potential envisioned use cases that are broader than resource priority. As Ben notes, there are some stale references. Please double-check the referred section numbers as well; in particular "Section 10.1 of [4474bis]" does not exist in the only February-2017 verions of that draft. Section 7.2 uses "authority" in a couple of different senses; it might be easier on the reader to refer to the authority (protocol participant) as being "authoritative for the content of [stuff] that it signs".
Deborah Brungard Former IESG member
No Objection
No Objection
(for -03)
Unknown
Eric Rescorla Former IESG member
No Objection
No Objection
(for -03)
Unknown
Martin Vigoureux Former IESG member
No Objection
No Objection
(for -03)
Unknown
Mirja Kühlewind Former IESG member
No Objection
No Objection
(for -03)
Unknown
Suresh Krishnan Former IESG member
No Objection
No Objection
(for -03)
Unknown
Terry Manderson Former IESG member
No Objection
No Objection
(for -03)
Unknown
Ignas Bagdonas Former IESG member
No Record
No Record
(2018-04-19 for -03)
Unknown
NO RECORD, ran out of time for reviewing this document.