A Location Dereference Protocol Using HTTP-Enabled Location Delivery (HELD)
draft-ietf-geopriv-deref-protocol-07
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-07-27
|
07 | Cindy Morgan | State changed to RFC Ed Queue from Approved-announcement sent |
2012-07-26
|
07 | (System) | IANA Action state changed to No IC |
2012-07-26
|
07 | Cindy Morgan | State changed to Approved-announcement sent from IESG Evaluation::AD Followup |
2012-07-26
|
07 | Cindy Morgan | IESG has approved the document |
2012-07-26
|
07 | Cindy Morgan | Closed "Approve" ballot |
2012-07-26
|
07 | Cindy Morgan | Ballot approval text was generated |
2012-07-26
|
07 | Robert Sparks | Ballot writeup was changed |
2012-07-26
|
07 | Robert Sparks | [Ballot Position Update] Position for Robert Sparks has been changed to Yes from Discuss |
2012-07-19
|
07 | Robert Sparks | [Ballot discuss] Holding a discuss while the conversation at completes. |
2012-07-19
|
07 | Robert Sparks | [Ballot Position Update] Position for Robert Sparks has been changed to Discuss from Yes |
2012-07-15
|
(System) | Posted related IPR disclosure: Todd S. Glassey's Statement about IPR related to draft-ietf-geopriv-deref-protocol | |
2012-07-13
|
07 | Martin Thomson | New version available: draft-ietf-geopriv-deref-protocol-07.txt |
2012-07-12
|
06 | Sean Turner | [Ballot comment] Thanks fixing this up. |
2012-07-12
|
06 | Sean Turner | [Ballot Position Update] Position for Sean Turner has been changed to No Objection from Discuss |
2012-07-12
|
(System) | Posted related IPR disclosure: Patent Recovery Corp (Glassey/McNeil)'s Statement about IPR related to draft-ietf-geopriv-deref-protocol-06 and (most all GeoPriv, DNSSec, and timestamping protocols will also infringe) | |
2012-07-11
|
06 | Stephen Farrell | [Ballot comment] Thanks for addressing my discuss and making the requirement for TLS clear. |
2012-07-11
|
06 | Stephen Farrell | [Ballot Position Update] Position for Stephen Farrell has been changed to No Objection from Discuss |
2012-07-11
|
06 | Martin Thomson | New version available: draft-ietf-geopriv-deref-protocol-06.txt |
2012-06-09
|
05 | Pete Resnick | [Ballot comment] Thanks for addressing the rest of my comments. A great improvement. Section 4: I think a good deal of this section should be … [Ballot comment] Thanks for addressing the rest of my comments. A great improvement. Section 4: I think a good deal of this section should be rewritten in a more subjunctive form. As far as I can tell, none of the information in this section is required for implementation, and much of it is not done. For example: In this model, possession - or knowledge - of the location URI is used to control access to location information. A location URI is constructed such that it is hard to guess (see C8 of [RFC5808]) and the set of entities that it is disclosed to is limited. I think more accurately this should say: In this model, possession - or knowledge - of the location URI can be used to control access to location information. A location URI might be constructed such that it is hard to guess (see C8 of [RFC5808]) or the set of entities that it is disclosed to can be limited. Yes, this is only stylistic, but I think it conveys the right message, that generally authorization is not done and not understood for the protocol; URIs are simply accepted and it is hoped that they are being used by only the entities you want to have them. |
2012-06-09
|
05 | Pete Resnick | [Ballot Position Update] Position for Pete Resnick has been changed to No Objection from Discuss |
2012-05-11
|
05 | Sean Turner | [Ballot discuss] Updated for -05: My original discuss was: 1) This is along the same lines as Stephen's #1. s3.1: Just to make sure I … [Ballot discuss] Updated for -05: My original discuss was: 1) This is along the same lines as Stephen's #1. s3.1: Just to make sure I understand Authorization by Possession could just as easily have been called Authorization by Obscure URI? These seems like security through obscurity. Also, shouldn't there be some kind of statement like at a minimum: The use of this model SHOULD involve the use of TLS? Actually based on s4 shouldn't that be a MUST? s4 contains the following: The Location Recipient establishes a connection to the LS, as described in [RFC2818]. The TLS ciphersuite TLS_NULL_WITH_NULL_NULL MUST NOT be used. The LS MUST be authenticated to ensure that the correct server is contacted. I read that as HTTPS MUST be used. If that is how you intended it, can't you just say that instead? s6 says s4 says it's strong RECOMMENDED, but I don't see that in s4. I like the updated text and agree with Stephen. |
2012-05-11
|
05 | Sean Turner | Ballot comment and discuss text updated for Sean Turner |
2012-05-10
|
05 | Stephen Farrell | [Ballot discuss] Updated for -05: My original discuss said: "#1 The draft is (a little) inconsistent about the requirement to *use* TLS. Section 1, end … [Ballot discuss] Updated for -05: My original discuss said: "#1 The draft is (a little) inconsistent about the requirement to *use* TLS. Section 1, end of 3rd para says this "requires use of TLS", but elsewhere (e.g. section 4, 2nd para) you say that this defines how to use "http:" URIs and the security considerations says only that TLS is "strongly RECOMMENDED." I'd prefer it all to say that you MUST use TLS always, but it at least needs to be consistent doesn't it? This should be an easy fix, I guess." The document is now consistent (thanks) with a SHOULD use TLS. I'd still prefer a MUST use, but if you are going to stay with SHOULD then I think, for this use, you really need to say something about when its ok to not use TLS. |
2012-05-10
|
05 | Stephen Farrell | Ballot comment and discuss text updated for Stephen Farrell |
2012-05-07
|
05 | Martin Thomson | New version available: draft-ietf-geopriv-deref-protocol-05.txt |
2011-12-15
|
04 | Cindy Morgan | Removed from agenda for telechat |
2011-12-15
|
04 | Cindy Morgan | State changed to IESG Evaluation::AD Followup from IESG Evaluation. |
2011-12-15
|
04 | Cindy Morgan | Ballot writeup text changed |
2011-12-15
|
04 | Cindy Morgan | Ballot writeup text changed |
2011-12-15
|
04 | Pete Resnick | [Ballot comment] Section 1: Lots of redundant text. Could use an edit. A single paragraph is probably sufficient. I also find the diagram not terribly … [Ballot comment] Section 1: Lots of redundant text. Could use an edit. A single paragraph is probably sufficient. I also find the diagram not terribly useful in the intro. Section 3: I actually found this discussion rather confusing and unnecessary. "Authorization by Posession" is often equivalent to no authorization at all. For certain resources that require no particular protection, there needn't be any obscuration by "hard to guess" URIs, and there needn't be a Rule Maker in existence at all. On the flip side, Authorization via Access Control needn't involve a policy document at all: regular HTTP authenthication could be used with a username and password, and access control can be handled entirely by the HTTP server, again without a Rule Maker. (Of course, in each case there is theoretically a "Rule Maker", but that is so theoretical as to make the entity of little use conceptually.) No matter the authorization and authentication used, Posession is still required, so I don't see that as a useful concept. I would be happy if this section simply eliminated the concept of "Authorization by Posession" and simply talked about different authorization and authentication methods. I think it would also be fine to leave this entire discussion to the policy document. But at the very least, I think you should mention that Authorization by Posession does not require a Rule Maker or a policy or making URIs hard to guess, though those are options to make access to location information more controlled. |
2011-12-15
|
04 | Pete Resnick | [Ballot discuss] Sections 3.2/3.3: Only after a conversation with Robert have I understood that the beginning of section 3.3 is the main point of this … [Ballot discuss] Sections 3.2/3.3: Only after a conversation with Robert have I understood that the beginning of section 3.3 is the main point of this document: This document defines a way for a third party to use HELD to obtain location by reference, and that the only authorization to acquire that location is "Authorization by Possession." This may be clear to those who have been intimately involved in the discussion all along, but it isn't clear from the document. I'd (strongly) suggest that somehow that first paragraph of 3.3 be moved up in the document, that section 3 and 4 of the document get swapped (since as far as I can tell nothing in 4 depends on 3), and that section 3 be appropriately labeled as "Informational Future Considerations for Authorization", which is all that it really is. |
2011-12-15
|
04 | Pete Resnick | [Ballot Position Update] Position for Pete Resnick has been changed to Discuss from No Objection |
2011-12-15
|
04 | Pete Resnick | [Ballot comment] Section 1: Lots of redundant text. Could use an edit. A single paragraph is probably sufficient. I also find the diagram not terribly … [Ballot comment] Section 1: Lots of redundant text. Could use an edit. A single paragraph is probably sufficient. I also find the diagram not terribly useful in the intro. Section 3: I actually found this discussion rather confusing and unnecessary. "Authorization by Posession" is often equivalent to no authorization at all. For certain resources that require no particular protection, there needn't be any obscuration by "hard to guess" URIs, and there needn't be a Rule Maker in existence at all. On the flip side, Authorization via Access Control needn't involve a policy document at all: regular HTTP authenthication could be used with a username and password, and access control can be handled entirely by the HTTP server, again without a Rule Maker. (Of course, in each case there is theoretically a "Rule Maker", but that is so theoretical as to make the entity of little use conceptually.) No matter the authorization and authentication used, Posession is still required, so I don't see that as a useful concept. I would be happy if this section simply eliminated the concept of "Authorization by Posession" and simply talked about different authorization and authentication methods. I think it would also be fine to leave this entire discussion to the policy document. But at the very least, I think you should mention that Authorization by Posession does not require a Rule Maker or a policy or making URIs hard to guess, though those are options to make access to location information more controlled. Sections 3.2/3.3: Only after a conversation with Robert have I understood that the beginning of section 3.3 is the main point of this document: This document defines a way for a third party to use HELD to obtain location by reference, and that the only authorization to acquire that location is "Authorization by Possession." This may be clear to those who have been intimately involved in the discussion all along, but it isn't clear from the document. I'd (strongly) suggest that somehow that first paragraph of 3.3 be moved up in the document, that section 3 and 4 of the document get swapped (since as far as I can tell nothing in 4 depends on 3), and that section 3 be appropriately labeled as "Informational Future Considerations for Authorization", which is all that it really is. |
2011-12-15
|
04 | Pete Resnick | [Ballot Position Update] Position for Pete Resnick has been changed to No Objection from Discuss |
2011-12-15
|
04 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded |
2011-12-15
|
04 | Jari Arkko | [Ballot comment] Maybe I missed it or it is discussed in some other document, but I felt the document did not describe some basic properties … [Ballot comment] Maybe I missed it or it is discussed in some other document, but I felt the document did not describe some basic properties of local references. For instance, if I ask for my location and then pass it on to someone else, is the resulting dereferenced location my location at the time of the request, or my current location? Devices can move... |
2011-12-15
|
04 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded |
2011-12-14
|
04 | Wesley Eddy | [Ballot Position Update] New position, No Objection, has been recorded |
2011-12-14
|
04 | Sean Turner | [Ballot comment] 1) Figure 2: Shouldn't the two figures in the geo-priv drafts match? 2) s3.1: Isn't it c8 in RFC 5808: (see … [Ballot comment] 1) Figure 2: Shouldn't the two figures in the geo-priv drafts match? 2) s3.1: Isn't it c8 in RFC 5808: (see C9 of [RFC5808]) 3) s3.1: Isn't this true only when you don't use S/MIME: Use of authorization by possession location URIs in a hop-by-hop protocol such as SIP [RFC3261] adds the possibility of on-path adversaries. 4) s3.2: strike the a: In contrast to authorization by possession, possession of a this form of location URI does not imply authorization. 5) s3.2: I think you need to work something about authorization by access control being based on an authentication mechanism. You mention in s3 and then again in s3.3, but it seems like it needs to be included in s3.2. I kept thinking .. because … after the first sentence. Maybe: Use of explicit access control provides a Rule Maker greater control over the behaviour of an LS because it determines access based on individual Location Recipients. or something like that. 6) s3.3: In the first two paragraphs of s3.3, I think you're trying to say this: This document does not describe a specific authentication mechanism; therefore, the authorization by access control model is not an option. Instead, this document uses the authorization by possession model. The existing two paragraphs seemed little wordy. |
2011-12-14
|
04 | Sean Turner | [Ballot discuss] 1) This is along the same lines as Stephen's #1. s3.1: Just to make sure I understand Authorization by Possession could just as … [Ballot discuss] 1) This is along the same lines as Stephen's #1. s3.1: Just to make sure I understand Authorization by Possession could just as easily have been called Authorization by Obscure URI? These seems like security through obscurity. Also, shouldn't there be some kind of statement like at a minimum: The use of this model SHOULD involve the use of TLS? Actually based on s4 shouldn't that be a MUST? s4 contains the following: The Location Recipient establishes a connection to the LS, as described in [RFC2818]. The TLS ciphersuite TLS_NULL_WITH_NULL_NULL MUST NOT be used. The LS MUST be authenticated to ensure that the correct server is contacted. I read that as HTTPS MUST be used. If that is how you intended it, can't you just say that instead? s6 says s4 says it's strong RECOMMENDED, but I don't see that in s4. |
2011-12-14
|
04 | Sean Turner | [Ballot Position Update] New position, Discuss, has been recorded |
2011-12-14
|
04 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded |
2011-12-14
|
04 | Pete Resnick | [Ballot comment] Section 1: Lots of redundant text. Could use an edit. A single paragraph is probably sufficient. I also find the diagram not terribly … [Ballot comment] Section 1: Lots of redundant text. Could use an edit. A single paragraph is probably sufficient. I also find the diagram not terribly useful in the intro. Section 3: I actually found this discussion rather confusing and unnecessary. "Authorization by Posession" is often equivalent to no authorization at all. For certain resources that require no particular protection, there needn't be any obscuration by "hard to guess" URIs, and there needn't be a Rule Maker in existence at all. On the flip side, Authorization via Access Control needn't involve a policy document at all: regular HTTP authenthication could be used with a username and password, and access control can be handled entirely by the HTTP server, again without a Rule Maker. (Of course, in each case there is theoretically a "Rule Maker", but that is so theoretical as to make the entity of little use conceptually.) No matter the authorization and authentication used, Posession is still required, so I don't see that as a useful concept. I would be happy if this section simply eliminated the concept of "Authorization by Posession" and simply talked about different authorization and authentication methods. I think it would also be fine to leave this entire discussion to the policy document. But at the very least, I think you should mention that Authorization by Posession does not require a Rule Maker or a policy or making URIs hard to guess, though those are options to make access to location information more controlled. |
2011-12-14
|
04 | Pete Resnick | [Ballot discuss] 3.2/3.3: I cannot see how this protocol can be interoperable unless you commit to a particular policy mechanism and format, not just a … [Ballot discuss] 3.2/3.3: I cannot see how this protocol can be interoperable unless you commit to a particular policy mechanism and format, not just a "possible format" [3.2] or a mechanism "such as those described in [I-D.ietf-geopriv-policy]". It seems to me that ietf-geopriv-policy should be a normative reference in this document, not an informative one, and these two sections should be written to normatively reference it. |
2011-12-14
|
04 | Pete Resnick | [Ballot Position Update] New position, Discuss, has been recorded |
2011-12-13
|
04 | Peter Saint-Andre | [Ballot comment] The AppsDir review by Ted Hardie raised several minor issues, which deserve a response. The review can be found at http://www.ietf.org/mail-archive/web/apps-discuss/current/msg03941.html A number … [Ballot comment] The AppsDir review by Ted Hardie raised several minor issues, which deserve a response. The review can be found at http://www.ietf.org/mail-archive/web/apps-discuss/current/msg03941.html A number of terms are re-used from RFC 3693 and RFC 5808; it would be helpful to cite those specifications in Section 2. Although Section 3 says that "no authentication framework is provided", it's not true that authentication cannot be performed (e.g., if HTTP is used to communicate with the LIS/LS then HTTP authentication can be used). The text here is not entirely consistent with the later text in Section 3.3 ("A Location Server MAY support an authentication mechanism that enables identity-based authorization policies to be used") and similar text in Section 4. It would be appropriate to say something about leakage of location URIs (which could happen outside the TLS-protected channel between the Target and the Location Recipient -- URIs have a tendency to leak). RFC 5808 has some text about this, and perhaps you could simply point there. |
2011-12-13
|
04 | Peter Saint-Andre | [Ballot Position Update] New position, No Objection, has been recorded |
2011-12-13
|
04 | Ralph Droms | [Ballot Position Update] New position, No Objection, has been recorded |
2011-12-13
|
04 | Elwyn Davies | Request for Telechat review by GENART Completed. Reviewer: Elwyn Davies. |
2011-12-12
|
04 | Stephen Farrell | [Ballot comment] - I expected to see some mention of single-use URIs here. Is there no use-case for those? It might help a bit given … [Ballot comment] - I expected to see some mention of single-use URIs here. Is there no use-case for those? It might help a bit given the possession-is-authorizaiton model? (But it'd also conflict with other use-cases maybe.) - s3.1, maybe s/is constructed/MUST be constructed/ such that it is hard to guess? - what are the "other measures" mentioned in the 2nd last para of 3.1? |
2011-12-12
|
04 | Stephen Farrell | [Ballot discuss] #1 The draft is (a little) inconsistent about the requirement to *use* TLS. Section 1, end of 3rd para says this "requires use … [Ballot discuss] #1 The draft is (a little) inconsistent about the requirement to *use* TLS. Section 1, end of 3rd para says this "requires use of TLS", but elsewhere (e.g. section 4, 2nd para) you say that this defines how to use "http:" URIs and the security considerations says only that TLS is "strongly RECOMMENDED." I'd prefer it all to say that you MUST use TLS always, but it at least needs to be consistent doesn't it? This should be an easy fix, I guess. #2 What, if any, form(s) of TLS server auth are required to be used when TLS is used? Would it be right to say a client MUST NOT not offer anonymous ciphersuites in the client hello? i.e the TLS_*_anon_* ciphersuites. (Just checking in case that hadn't been considered. If it already was and there's a reason to allow anon ciphersuites that's ok but would be worth explaining.) |
2011-12-12
|
04 | Stephen Farrell | [Ballot Position Update] New position, Discuss, has been recorded |
2011-12-12
|
04 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded |
2011-12-12
|
04 | Dan Romascanu | [Ballot Position Update] New position, No Objection, has been recorded |
2011-12-12
|
04 | Stewart Bryant | [Ballot Position Update] New position, No Objection, has been recorded |
2011-12-11
|
04 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded |
2011-12-08
|
04 | Jean Mahoney | Request for Telechat review by GENART is assigned to Elwyn Davies |
2011-12-08
|
04 | Jean Mahoney | Request for Telechat review by GENART is assigned to Elwyn Davies |
2011-11-28
|
04 | Robert Sparks | Telechat date has been changed to 2011-12-15 from 2011-12-01 |
2011-11-19
|
04 | Elwyn Davies | Request for Telechat review by GENART Completed. Reviewer: Elwyn Davies. |
2011-11-17
|
04 | Jean Mahoney | Request for Telechat review by GENART is assigned to Elwyn Davies |
2011-11-17
|
04 | Jean Mahoney | Request for Telechat review by GENART is assigned to Elwyn Davies |
2011-11-08
|
04 | Samuel Weiler | Request for Last Call review by SECDIR Completed. Reviewer: Charlie Kaufman. |
2011-11-03
|
04 | Robert Sparks | Placed on agenda for telechat - 2011-12-01 |
2011-11-03
|
04 | Robert Sparks | State changed to IESG Evaluation from Waiting for AD Go-Ahead. |
2011-11-03
|
04 | Robert Sparks | [Ballot Position Update] New position, Yes, has been recorded for Robert Sparks |
2011-11-03
|
04 | Robert Sparks | Ballot has been issued |
2011-11-03
|
04 | Robert Sparks | Created "Approve" ballot |
2011-10-30
|
04 | (System) | New version available: draft-ietf-geopriv-deref-protocol-04.txt |
2011-10-25
|
04 | (System) | State changed to Waiting for AD Go-Ahead from In Last Call. |
2011-10-24
|
04 | Amanda Baber | We understand that this document doesn't require any IANA actions. |
2011-10-14
|
04 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Charlie Kaufman |
2011-10-14
|
04 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Charlie Kaufman |
2011-10-11
|
04 | Amy Vezza | Last call sent |
2011-10-11
|
04 | Amy Vezza | State changed to In Last Call from Last Call Requested. The following Last Call Announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: … State changed to In Last Call from Last Call Requested. The following Last Call Announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Subject: Last Call: (A Location Dereferencing Protocol Using HELD) to Proposed Standard The IESG has received a request from the Geographic Location/Privacy WG (geopriv) to consider the following document: - 'A Location Dereferencing Protocol Using HELD' as a Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2011-10-25. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document describes how to use the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS) as a dereferencing protocol to resolve a reference to a Presence Information Data Format Location Object (PIDF-LO). The document assumes that a Location Recipient possesses a URI that can be used in conjunction with the HELD protocol to request the location of the Target. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-geopriv-deref-protocol/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-geopriv-deref-protocol/ No IPR declarations have been submitted directly on this I-D. |
2011-10-11
|
04 | Robert Sparks | Last Call was requested |
2011-10-11
|
04 | Robert Sparks | State changed to Last Call Requested from Publication Requested. |
2011-10-11
|
04 | Robert Sparks | Last Call text changed |
2011-10-11
|
04 | (System) | Ballot writeup text was added |
2011-10-11
|
04 | (System) | Last call text was added |
2011-10-11
|
04 | Robert Sparks | Ballot writeup text changed |
2011-09-27
|
04 | Cindy Morgan | (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he … (1.a) Who is the Document Shepherd for this document? Has the Document Shepherd personally reviewed this version of the document and, in particular, does he or she believe this version is ready for forwarding to the IESG for publication? The document shepherd for this document is Richard Barnes. I have personally reviewed this version of the document and believe that it is ready for publication. (1.b) Has the document had adequate review both from key WG members and from key non-WG members? Does the Document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? The document has had reviews from several working group participants and from an OGC participant. I do not have any concerns about the level of review. (1.c) Does the Document Shepherd have concerns that the document needs more review from a particular or broader perspective, e.g., security, operational complexity, someone familiar with AAA, internationalization or XML? I do not believe that any particular further reviews are necessary. (1.d) Does the Document Shepherd have any specific concerns or issues with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. Has an IPR disclosure related to this document been filed? If so, please include a reference to the disclosure and summarize the WG discussion and conclusion on this issue. I have no concerns or issues. (1.e) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There is broad working group consensus behind this document, based on its overall coherence with the GEOPRIV and HELD designs. (1.f) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is entered into the ID Tracker.) I am not aware of any threat of appeal. (1.g) Has the Document Shepherd personally verified that the document satisfies all ID nits? Boilerplate checks are not enough; this check needs to be thorough. Has the document met all formal review criteria it needs to, such as the MIB Doctor, media type and URI type reviews? I have passed the document through the automated ID nit checker and found no errors. The document does not require any formal reviews. (1.h) Has the document split its references into normative and informative? Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the strategy for their completion? Are there normative references that are downward references, as described in [RFC3967]? If so, list these downward references to support the Area Director in the Last Call procedure for them [RFC3967]. References are split into normative and informative. There are a couple of references that need to be updated, e.g., changing draft-ietf-geopriv-arch to RFC 6280. There is one normative downward reference, to RFC 2818. (1.i) Has the Document Shepherd verified that the document IANA consideration section exists and is consistent with the body of the document? If the document specifies protocol extensions, are reservations requested in appropriate IANA registries? Are the IANA registries clearly identified? If the document creates a new registry, does it define the proposed initial contents of the registry and an allocation procedure for future registrations? Does it suggest a reasonable name for the new registry? See [RFC5226]. If the document describes an Expert Review process has Shepherd conferred with the Responsible Area Director so that the IESG can appoint the needed Expert during the IESG Evaluation? This document makes no request of IANA. (1.j) Has the Document Shepherd verified that sections of the document that are written in a formal language, such as XML code, BNF rules, MIB definitions, etc., validate correctly in an automated checker? There is no formal language in this document. (1.k) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up? Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary Relevant content can frequently be found in the abstract and/or introduction of the document. If not, this may be an indication that there are deficiencies in the abstract or introduction. This document describes how to use the Hypertext Transfer Protocol (HTTP) over Transport Layer Security (TLS) as a dereferencing protocol to resolve a reference to a Presence Information Data Format Location Object (PIDF-LO). The document assumes that a Location Recipient possesses a URI that can be used in conjunction with the HELD protocol to request the location of the Target. Working Group Summary Was there anything in WG process that is worth noting? For example, was there controversy about particular points or were there decisions where the consensus was particularly rough? This document describes a profile of the HELD protocol, which was the topic of extensive discussions about authorization and privacy during its development. Those discussions extended somewhat to this document as well, but have been resolved with appropriate discussion of possible authorization policies and their implications. Document Quality Are there existing implementations of the protocol? Have a significant number of vendors indicated their plan to implement the specification? Are there any reviewers that merit special mention as having done a thorough review, e.g., one that resulted in important changes or a conclusion that the document had no substantive issues? If there was a MIB Doctor, Media Type or other expert review, what was its course (briefly)? In the case of a Media Type review, on what date was the request posted? This document is a profile of HELD, which currently has multiple interoperable implementations. This document is a part of the NENA i3 specification for IP-based emergency calling in the US. |
2011-09-27
|
04 | Cindy Morgan | Draft added in state Publication Requested |
2011-09-27
|
04 | Cindy Morgan | [Note]: 'Richard Barnes (rbarnes@bbn.com) is the document shepherd.' added |
2011-06-23
|
03 | (System) | New version available: draft-ietf-geopriv-deref-protocol-03.txt |
2011-06-19
|
04 | (System) | Document has expired |
2010-12-16
|
02 | (System) | New version available: draft-ietf-geopriv-deref-protocol-02.txt |
2010-09-29
|
01 | (System) | New version available: draft-ietf-geopriv-deref-protocol-01.txt |
2010-07-05
|
00 | (System) | New version available: draft-ietf-geopriv-deref-protocol-00.txt |