Push-Based Security Event Token (SET) Delivery Using HTTP
draft-ietf-secevent-http-push-14
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2020-11-30
|
14 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2020-10-12
|
14 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2020-07-30
|
14 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2020-07-02
|
14 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2020-07-01
|
14 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2020-07-01
|
14 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2020-07-01
|
14 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2020-06-30
|
14 | (System) | RFC Editor state changed to EDIT |
2020-06-30
|
14 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2020-06-30
|
14 | (System) | Announcement was received by RFC Editor |
2020-06-29
|
14 | (System) | IANA Action state changed to In Progress |
2020-06-29
|
14 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2020-06-29
|
14 | Cindy Morgan | IESG has approved the document |
2020-06-29
|
14 | Cindy Morgan | Closed "Approve" ballot |
2020-06-29
|
14 | Cindy Morgan | Ballot approval text was generated |
2020-06-26
|
14 | Michael Jones | New version available: draft-ietf-secevent-http-push-14.txt |
2020-06-26
|
14 | (System) | New version approved |
2020-06-26
|
14 | (System) | Request for posting confirmation emailed to previous authors: Morteza Ansari , Annabelle Backman , Michael Jones , Marius Scurtescu , Anthony Nadalin |
2020-06-26
|
14 | Michael Jones | Uploaded new revision |
2020-06-25
|
13 | Cindy Morgan | IESG state changed to Approved-announcement to be sent from IESG Evaluation |
2020-06-25
|
13 | Michelle Cotton | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2020-06-25
|
13 | Roman Danyliw | [Ballot comment] Thanks for responding to the SECDIR review (and thanks to Valery Smyslov for doing it). Thanks for addressing all of my COMMENT items. |
2020-06-25
|
13 | Roman Danyliw | Ballot comment text updated for Roman Danyliw |
2020-06-24
|
13 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2020-06-24
|
13 | Michael Jones | New version available: draft-ietf-secevent-http-push-13.txt |
2020-06-24
|
13 | (System) | New version approved |
2020-06-24
|
13 | (System) | Request for posting confirmation emailed to previous authors: Michael Jones , Morteza Ansari , Marius Scurtescu , Anthony Nadalin , Annabelle Backman |
2020-06-24
|
13 | Michael Jones | Uploaded new revision |
2020-06-24
|
12 | Warren Kumari | [Ballot comment] Like Eric and Erik, I was unclear on the "known to one another" bit, but it feels like this horse has now been … [Ballot comment] Like Eric and Erik, I was unclear on the "known to one another" bit, but it feels like this horse has now been sufficiently beaten... I would like to draw your attention to the OpsDir comments (thanks Joe!), which have some nits that should be addressed - https://datatracker.ietf.org/doc/review-ietf-secevent-http-push-10-opsdir-lc-clarke-2020-05-14/ |
2020-06-24
|
12 | Warren Kumari | [Ballot Position Update] New position, No Objection, has been recorded for Warren Kumari |
2020-06-24
|
12 | Barry Leiba | [Ballot comment] — Section 1 — I agree with Éric’s comment that “known to one another” should be better explained — just something brief. … [Ballot comment] — Section 1 — I agree with Éric’s comment that “known to one another” should be better explained — just something brief. Push-based SET delivery over HTTP POST is intended for scenarios where all of the following apply: Is it the intent that push be used in all such cases, and pull in all others? It would be good to explicitly say that, perhaps by adding “(with pull-based SET delivery used in all other cases)” to the above. — Section 2 — o The SET is authentic (i.e., it was issued by the issuer specified within the SET, and if signed, was signed by a key belonging to the issuer). If the SET is not signed, how is authenticity determined and validated? I understand that the specifics are out of scope for this document, but I’m trying to understand in general how this works. o The SET Issuer is recognized as an issuer that the SET Recipient is willing to receive SETs from (e.g., the issuer is whitelisted by the SET Recipient). Let’s get a head start on the movement away from “whitelist/blacklist” and change this to “is listed as allowed by the SET Recipient”, or some such. What do you think? o The SET Recipient is willing to accept the SET when transmitted by the SET Transmitter (e.g., the SET Transmitter is expected to send SETs with the subject of the SET in question). It took me a couple of reads to understand what this is getting at. Maybe this clarifies a little?: NEW o The SET Recipient is willing to accept this SET from this SET Transmitter (e.g., the SET Transmitter is expected to send SETs with the subject of the SET in question). END The SET Transmitter MAY re-transmit a SET if the responses from previous transmissions timed out or indicated potentially recoverable error Nit: “errors” — Section 2.1 — To transmit a SET to a SET Recipient, the SET Transmitter makes an HTTP POST request to an HTTP endpoint using TLS provided by the SET Recipient. How is TLS provided by the SET Recipient? Or, perhaps, do you mean, “makes an HTTP POST request using TLS to an HTTP endpoint provided by the SET Recipient.”? — Section 2.2 — Before acknowledgement, SET Recipients SHOULD ensure they have validated received SETs Section 2 says, “Upon receipt of a SET, the SET Recipient SHALL validate”, so how does that work with the SHOULD here? I think this is a problem with repeating normative statements: making sure they remain completely consistent. — Section 2.4 — | | unacceptable to the SET Recipient. (e.g., | | | expired, revoked, failed certificate | | | validation, etc.) | Nit: “e.g.” and “etc.” used together is redundant; I suggest removing the former. Implementations SHOULD expect that other Error Codes may also be received, as the set of Error Codes is extensible I suggest not using a 2119 key word here. This isn’t really a SHOULD: an implementation that can’t tolerate extensions will be limited and eventually considered broken. I think it’s better to just say this as a statement, beginning the sentence with the word “Other”. — Section 3 — The TLS server certificate MUST be validated, per [RFC6125]. Is DANE (RFC 6698) not allowed? Or should this be worded differently? This also applies to the reference to cert validation in Section 5.3. — Section 7.1 — Future assignments are to be made through the Specification Required registration policy Please provide some brief guidance to the designated experts. Thanks. — Section 7.1.1 — Change Controller For error codes registered by the IETF or its working groups, list "IETF SecEvent Working Group". Nit: This isn’t consistent with Section 7.1.2, nor with current practice. It should just say “IETF”. |
2020-06-24
|
12 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2020-06-24
|
12 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
2020-06-24
|
12 | Martin Vigoureux | [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux |
2020-06-24
|
12 | Magnus Westerlund | [Ballot Position Update] New position, No Objection, has been recorded for Magnus Westerlund |
2020-06-23
|
12 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2020-06-23
|
12 | Yaron Sheffer | This document now replaces draft-ietf-secevent-delivery instead of None |
2020-06-23
|
12 | Alvaro Retana | [Ballot comment] This document (and draft-ietf-secevent-http-poll) should be tagged as replacing draft-ietf-secevent-delivery. |
2020-06-23
|
12 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2020-06-23
|
12 | Roman Danyliw | [Ballot comment] Thanks for responding to the SECDIR review (and thanks to Valery Smyslov for doing it) ** Section 2.1. Per “To transmit a SET … [Ballot comment] Thanks for responding to the SECDIR review (and thanks to Valery Smyslov for doing it) ** Section 2.1. Per “To transmit a SET to a SET Recipient, the SET Transmitter makes an HTTP POST request to an HTTP endpoint using TLS provided by the SET Recipient” didn’t parse right. What does it mean to “us[e] TLS provided by …”? ** Section 5.3. Recommend being clearer that using TLS is a MUST. OLD In some use cases, using TLS to secure the transmitted SETs will be sufficient. In other use cases, encrypting the SET as described in JWE [RFC7516] will also be required NEW TLS MUST be used to secure the transmitted SETs. In some use cases, also encrypting the SET as described in JWE [RFC7516] will be required. ** Section 5.3. Per “SETs may contain sensitive information that is considered Personally Identifiable Information (PII). In such cases …”, first off, I fully endorse and concur with the spirit here – being clear when you have sensitive information that confidentiality is a MUST requirement. However, we need precision here – PII is a technical term in many jurisdictions, and the definition varies. I wouldn’t want to make the normative guidance here conditional on this ambiguity. I’d also note that Section 5.1. of RFC8417 refers to confidentiality requirements in the presence of third parties. Combining these observations will the editorial item above, I recommend: “SETs may contain sensitive information, to include Personally Identifiable Information (PII), or be distributed through third parties. TLS MUST be …” ** Section 5.3. Per the reference RFC7525, I recognize that this sentence is identical to Section 5.1 of RFC8417. Is there a reason why conformance to it (RFC7525) is not a MUST (e.g., to ensure guidance on ciphersuites)? You’ve already covered TLS version numbers with text and certificate validation with RFC6125. ** Section 5.5. Per “At the time of receipt, the SET Recipient can rely upon transport layer mechanisms …”, since this whole specification is about a particular “transport layer mechanisms”, what is are the specific details here – or is this out of scope? |
2020-06-23
|
12 | Roman Danyliw | [Ballot Position Update] New position, No Objection, has been recorded for Roman Danyliw |
2020-06-22
|
12 | Robert Wilton | [Ballot comment] Hi, I found this document easy to read. A few minor nits: 1.2. Definitions This specification utilizes the following terms defined in … [Ballot comment] Hi, I found this document easy to read. A few minor nits: 1.2. Definitions This specification utilizes the following terms defined in [RFC8417]: "Security Event Token (SET)", "SET Issuer", "SET Recipient", and "Event Payload". This specification utilizes terminology defined in [RFC8417], as well as the terms defined below: This text could probably be simplified/made slightly less repetitive. 2. SET Delivery Once the SET has been validated and persisted, the SET Recipient SHOULD immediately return a response indicating that the SET was successfully delivered. The SET Recipient SHOULD NOT perform anything beyond the required validation steps prior to sending this response. Any additional steps SHOULD be executed asynchronously from delivery, in order to minimize the expense and impact of SET delivery on the SET Transmitter. Rather than "perform anything", perhaps "perform further processing of the SET" Rather than "in order to minimize the expense and impact of SET delivery on the SET Transmitter." perhaps "to minimize the time the SET Transmitter is waiting for a response". 2.2. Success Response Note that the purpose of the acknowledgement response is to let the SET Transmitter know that a SET has been delivered and the information no longer needs to be retained by the SET Transmitter. Before acknowledgement, SET Recipients SHOULD ensure they have validated received SETs and retained them in a manner appropriate to information retention requirements appropriate to the SET event types signaled. The level and method of retention of SETs by SET Recipients is out of scope of this specification. The normative behaviour of retaining SETs is already specified in section 2. It might be better to refer back to that previous paragraph rather than restating it here. 7. IANA Considerations Section 7.1.1 lists the change controller as "IETF SecEvent Working Group", but the examples just list "IETF". Presumably one of these needs to change? Regards, Rob |
2020-06-22
|
12 | Robert Wilton | [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton |
2020-06-22
|
12 | Éric Vyncke | [Ballot comment] Thank you for the work put into this document. I have a single non-blocking comment about section 1: Suggest to clarify 'known to … [Ballot comment] Thank you for the work put into this document. I have a single non-blocking comment about section 1: Suggest to clarify 'known to one another', what is meant by 'known' in this context? A reader could understand it as 'known IP address' or ... Regards -éric |
2020-06-22
|
12 | Éric Vyncke | [Ballot Position Update] New position, No Objection, has been recorded for Éric Vyncke |
2020-06-20
|
12 | Erik Kline | [Ballot comment] [[ questions ]] [ section 2.4 ] * If the SET Issuer is not recognized as an issuer the recipient likes, what … [Ballot comment] [[ questions ]] [ section 2.4 ] * If the SET Issuer is not recognized as an issuer the recipient likes, what err string is best? Most of the listed codes seem plausible in some small way, which lead me to think that either I'm confused or just a small bit of text might be added to one of the entry's description. [ section 5.4 ] * Is rate-limiting problematic transmitters also a reasonable approach? [ section 5.5 ] * Would it not also suffice to record in storage the relevant information from from the transmission context? |
2020-06-20
|
12 | Erik Kline | [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline |
2020-06-20
|
12 | Murray Kucherawy | [Ballot comment] Section 2: * "SET parsing and issuer and ..." -- s/parsing and/parsing,/ * I'm struggling a bit with the SHOULD and SHOULD NOT … [Ballot comment] Section 2: * "SET parsing and issuer and ..." -- s/parsing and/parsing,/ * I'm struggling a bit with the SHOULD and SHOULD NOT in the final paragraph. When would you legitimately re-transmit a delivered SET, or not delay re-transmission after a failure? Section 2.1: OLD: ... request to an HTTP endpoint using TLS provided by the SET Recipient. NEW: ... request to a TLS-enabled HTTP endpoint provided by the SET Recipient. * This section makes several references to "header" that I think should be "header field". Section 2.3: * Same issue with the SHOULD in the first paragraph: When would you not use an appropriate HTTP response code? * I think the "MAY" in the "description" bullet is superfluous, since you're describing interoperability with a human at this point. * Same issue with "header" here, with three instances in this section. * I suggest that the example figures in this section should be indented. One of them is actually outdented. * "example non-normative" should be "non-normative example", with three instances in this section. Section 2.4: * The table here is effectively a copy of the table in Section 7.1.2. Could we just replace this section with a forward reference? Section 4: * "... always retry failed transmissions, however, it should ..." -- "however" should start a new sentence, or at least the first comma should be a semi-colon * More generally, I wonder if leaving the "retryability" (I wish that was a word) to the discretion of an implementation, which feels mushy, could be improved. In SMTP and various other protocols there's an indication, as part of the reply, that tells the client whether a failure might succeed later on a retry (say, a local resource limitation that might clear) versus one that will presumably never succeed (no such user here). The DNS makes the same distinction. For example, including in the registry a column indicating whether a response is indicating a temporary or permanent condition might be useful, or it could be a formalized part of the JSON reply. Section 5.5: * "... systems that the SET Recipient forwards the SET onto ..." -- suggest "... systems to which the SET Recipient forwards the SET ..." Section 6: * The variable use of "should" and "SHOULD" here made me look a bit sideways at this section. They all "feel" the same, so the variance seems odd. Section 7.1.1: * For "Error Code", this set of restrictions allows me to register a code called "_". Do you want more restrictions here? * "For error codes registered by the IETF or its working groups, list "IETF SecEvent Working Group"." -- What if it was some other working group? |
2020-06-20
|
12 | Murray Kucherawy | [Ballot Position Update] New position, No Objection, has been recorded for Murray Kucherawy |
2020-06-19
|
12 | Valery Smyslov | Request for Telechat review by SECDIR Completed: Ready. Reviewer: Valery Smyslov. Sent review to list. |
2020-06-18
|
12 | Amanda Baber | IANA Review state changed to IANA OK - Actions Needed from Version Changed - Review Needed |
2020-06-18
|
12 | Tero Kivinen | Request for Telechat review by SECDIR is assigned to Valery Smyslov |
2020-06-18
|
12 | Tero Kivinen | Request for Telechat review by SECDIR is assigned to Valery Smyslov |
2020-06-17
|
12 | Martin Duke | [Ballot Position Update] New position, No Objection, has been recorded for Martin Duke |
2020-06-17
|
12 | Benjamin Kaduk | IESG state changed to IESG Evaluation from Waiting for Writeup |
2020-06-17
|
12 | Cindy Morgan | Placed on agenda for telechat - 2020-06-25 |
2020-06-16
|
12 | Benjamin Kaduk | [Ballot comment] We mention DNS-ID in the context of RFC 6125 validation in Section 5.3, but not in Section 3. We don't necessarily need to … [Ballot comment] We mention DNS-ID in the context of RFC 6125 validation in Section 5.3, but not in Section 3. We don't necessarily need to mention it in both places, but it might be nice to be consistent or to remove some of the redundancy. Section 6 I think both SET Issuers and Transmitters (not just one or the other) should consider the ramifications of sharing a particular SET. While it's true that (as the secdir reviewer noted) when JWE is used the Issuer has sole knowledge/control, but in other cases the Issuer may not know the full recipient list. Appendix A (Some information leakage is possible even over the TLS channel, too. Message padding algorithms to prevent such side channels remain an open research topic.) To the IESG: note that Appenix B ("Other Streaming Specifications") is currently slated for removal prior to publication. |
2020-06-16
|
12 | Benjamin Kaduk | Ballot comment text updated for Benjamin Kaduk |
2020-06-16
|
12 | Benjamin Kaduk | Ballot has been issued |
2020-06-16
|
12 | Benjamin Kaduk | [Ballot Position Update] New position, Yes, has been recorded for Benjamin Kaduk |
2020-06-16
|
12 | Benjamin Kaduk | Created "Approve" ballot |
2020-06-16
|
12 | Benjamin Kaduk | Ballot writeup was changed |
2020-06-15
|
12 | Michael Jones | New version available: draft-ietf-secevent-http-push-12.txt |
2020-06-15
|
12 | (System) | New version approved |
2020-06-15
|
12 | (System) | Request for posting confirmation emailed to previous authors: Morteza Ansari , Michael Jones , Marius Scurtescu , Anthony Nadalin , Annabelle Backman |
2020-06-15
|
12 | Michael Jones | Uploaded new revision |
2020-06-05
|
11 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed |
2020-06-05
|
11 | Michael Jones | New version available: draft-ietf-secevent-http-push-11.txt |
2020-06-05
|
11 | (System) | New version approved |
2020-06-05
|
11 | (System) | Request for posting confirmation emailed to previous authors: Marius Scurtescu , Annabelle Backman , Michael Jones , Anthony Nadalin , Morteza Ansari |
2020-06-05
|
11 | Michael Jones | Uploaded new revision |
2020-05-18
|
10 | Vijay Gurbani | Request for Last Call review by GENART Completed: Ready with Nits. Reviewer: Vijay Gurbani. Sent review to list. |
2020-05-14
|
10 | Joe Clarke | Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Joe Clarke. Sent review to list. |
2020-05-13
|
10 | Sabrina Tanamal | IANA Review state changed to IANA OK - Actions Needed from IANA - Not OK |
2020-05-13
|
10 | (System) | IANA Review state changed to IANA - Not OK from IANA - Review Needed |
2020-05-13
|
10 | Sabrina Tanamal | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has completed its review of draft-ietf-secevent-http-push-10. If any part of this review is inaccurate, please let … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: The IANA Functions Operator has completed its review of draft-ietf-secevent-http-push-10. If any part of this review is inaccurate, please let us know. The IANA Functions Operator has a question about one of the actions requested in the IANA Considerations section of this document. The IANA Functions Operator understands that, upon approval of this document, there is a single action which we must complete. A new registry is to be created called the Security Event Token Delivery Error Codes registry. IANA Question --> Where should this new registry be located? Should it be added to an existing registry page? If not, does it belong in an existing category at http://www.iana.org/protocols? The new registry is to be managed via Specification Required as defined in [RFC8126]. There are initial registrations in the new registry as follows: Error Code: invalid_request Description: The request body cannot be parsed as a SET or the event payload within the SET does not conform to the event's definition. Change Controller: IETF Reference: Section 2.4 of [[ this specification ]] Error Code: invalid_key Description: One or more keys used to encrypt or sign the SET is invalid or otherwise unacceptable to the SET Recipient. (e.g., expired, revoked, failed certificate validation, etc.) Change Controller: IETF Reference: Section 2.4 of [[ this specification ]] Error Code: authentication_failed Description: The SET Recipient could not authenticate the SET Transmitter. Change Controller: IETF Reference: Section 2.4 of [[ this specification ]] Error Code: access_denied Description: The SET Transmitter is not authorized to transmit the SET to the SET Recipient. Change Controller: IETF Reference: Section 2.4 of [[ this specification ]] The IANA Functions Operator understands that this is the only action required to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed. Thank you, Sabrina Tanamal Senior IANA Services Specialist |
2020-05-13
|
10 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2020-05-04
|
10 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Joe Clarke |
2020-05-04
|
10 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Joe Clarke |
2020-05-02
|
10 | Valery Smyslov | Request for Last Call review by SECDIR Completed: Has Issues. Reviewer: Valery Smyslov. Sent review to list. |
2020-04-30
|
10 | Jean Mahoney | Request for Last Call review by GENART is assigned to Vijay Gurbani |
2020-04-30
|
10 | Jean Mahoney | Request for Last Call review by GENART is assigned to Vijay Gurbani |
2020-04-30
|
10 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Valery Smyslov |
2020-04-30
|
10 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Valery Smyslov |
2020-04-29
|
10 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2020-04-29
|
10 | Cindy Morgan | The following Last Call announcement was sent out (ends 2020-05-13): From: The IESG To: IETF-Announce CC: Yaron Sheffer , draft-ietf-secevent-http-push@ietf.org, secevent-chairs@ietf.org, kaduk@mit.edu, … The following Last Call announcement was sent out (ends 2020-05-13): From: The IESG To: IETF-Announce CC: Yaron Sheffer , draft-ietf-secevent-http-push@ietf.org, secevent-chairs@ietf.org, kaduk@mit.edu, yaronf.ietf@gmail.com, id-event@ietf.org Reply-To: last-call@ietf.org Sender: Subject: Last Call: (Push-Based Security Event Token (SET) Delivery Using HTTP) to Proposed Standard The IESG has received a request from the Security Events WG (secevent) to consider the following document: - 'Push-Based Security Event Token (SET) Delivery Using HTTP' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2020-05-13. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This specification defines how a Security Event Token (SET) may be delivered to an intended recipient using HTTP POST. The SET is transmitted in the body of an HTTP POST request to an endpoint operated by the recipient, and the recipient indicates successful or failed transmission via the HTTP response. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-secevent-http-push/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-secevent-http-push/ballot/ No IPR declarations have been submitted directly on this I-D. |
2020-04-29
|
10 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2020-04-29
|
10 | Benjamin Kaduk | Last call was requested |
2020-04-29
|
10 | Benjamin Kaduk | Last call announcement was generated |
2020-04-29
|
10 | Benjamin Kaduk | Ballot approval text was generated |
2020-04-29
|
10 | Benjamin Kaduk | Ballot writeup was generated |
2020-04-29
|
10 | Benjamin Kaduk | IESG state changed to Last Call Requested from AD Evaluation::AD Followup |
2020-04-29
|
10 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2020-04-29
|
10 | Annabelle Backman | New version available: draft-ietf-secevent-http-push-10.txt |
2020-04-29
|
10 | (System) | New version approved |
2020-04-29
|
10 | (System) | Request for posting confirmation emailed to previous authors: Anthony Nadalin , Morteza Ansari , Annabelle Backman , Marius Scurtescu , Michael Jones |
2020-04-29
|
10 | Annabelle Backman | Uploaded new revision |
2020-04-24
|
09 | Benjamin Kaduk | IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation::AD Followup |
2020-02-07
|
09 | Michael Jones | New version available: draft-ietf-secevent-http-push-09.txt |
2020-02-07
|
09 | (System) | New version approved |
2020-02-07
|
09 | (System) | Request for posting confirmation emailed to previous authors: Anthony Nadalin , Marius Scurtescu , Morteza Ansari , Michael Jones , Annabelle Backman |
2020-02-07
|
09 | Michael Jones | Uploaded new revision |
2020-02-06
|
08 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2020-02-06
|
08 | Michael Jones | New version available: draft-ietf-secevent-http-push-08.txt |
2020-02-06
|
08 | (System) | New version approved |
2020-02-06
|
08 | (System) | Request for posting confirmation emailed to previous authors: Anthony Nadalin , Marius Scurtescu , Morteza Ansari , Michael Jones , Annabelle Backman |
2020-02-06
|
08 | Michael Jones | Uploaded new revision |
2019-12-10
|
07 | Benjamin Kaduk | IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation |
2019-12-10
|
07 | Benjamin Kaduk | IESG state changed to AD Evaluation from Publication Requested |
2019-07-08
|
07 | Annabelle Backman | New version available: draft-ietf-secevent-http-push-07.txt |
2019-07-08
|
07 | (System) | New version approved |
2019-07-08
|
07 | (System) | Request for posting confirmation emailed to previous authors: Anthony Nadalin , Marius Scurtescu , Morteza Ansari , Michael Jones , Annabelle Backman |
2019-07-08
|
07 | Annabelle Backman | Uploaded new revision |
2019-07-08
|
07 | (System) | Request for posting confirmation emailed to previous authors: Anthony Nadalin , Marius Scurtescu , Morteza Ansari , Michael Jones , Annabelle Backman |
2019-07-08
|
07 | Annabelle Backman | Uploaded new revision |
2019-05-10
|
06 | Yaron Sheffer | 1. Summary The document shepherd is Yaron Sheffer. The responsible Area Director is Ben Kaduk. This document defines an HTTP push-based protocol for delivery of … 1. Summary The document shepherd is Yaron Sheffer. The responsible Area Director is Ben Kaduk. This document defines an HTTP push-based protocol for delivery of Security Event Tokens (SETs, RFC 8417). This is one of the two options the working group is working on: push- vs. poll-based delivery. 2. Review and Consensus The protocol is a simple and straightforward way to transmit SETs, and the working group supports it. Since we only have a small core of active participants, we ran into a problem while requesting formal indication of support, but eventually received enough messages in favor of publication to demonstrate consensus. I have reviewed the document for this write-up, and my comments were incorporated into version -06 of the draft. In addition there are multiple implementations, including one in production by Google (https://developers.google.com/identity/risc). 3. Intellectual Property Each author has confirmed conformance with BCP 78/79. There are no IPR disclosures on the document. 4. Other Points There is a normative downref to the obsolete RFC 5246, "TLS 1.2", which is appropriate in this specific context. |
2019-05-10
|
06 | Yaron Sheffer | Responsible AD changed to Benjamin Kaduk |
2019-05-10
|
06 | Yaron Sheffer | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2019-05-10
|
06 | Yaron Sheffer | IESG state changed to Publication Requested from I-D Exists |
2019-05-10
|
06 | Yaron Sheffer | IESG process started in state Publication Requested |
2019-05-10
|
06 | Yaron Sheffer | Tags Revised I-D Needed - Issue raised by WG, Doc Shepherd Follow-up Underway cleared. |
2019-05-10
|
06 | Yaron Sheffer | 1. Summary The document shepherd is Yaron Sheffer. The responsible Area Director is Ben Kaduk. This document defines an HTTP push-based protocol for delivery of … 1. Summary The document shepherd is Yaron Sheffer. The responsible Area Director is Ben Kaduk. This document defines an HTTP push-based protocol for delivery of Security Event Tokens (SETs, RFC 8417). This is one of the two options the working group is working on: push- vs. poll-based delivery. 2. Review and Consensus The protocol is a simple and straightforward way to transmit SETs, and the working group supports it. Since we only have a small core of active participants, we ran into a problem while requesting formal indication of support, but eventually received enough messages in favor of publication to demonstrate consensus. I have reviewed the document for this write-up, and my comments were incorporated into version -06 of the draft. In addition there are multiple implementations, including one in production by Google (https://developers.google.com/identity/risc). 3. Intellectual Property Each author has confirmed conformance with BCP 78/79. There are no IPR disclosures on the document. 4. Other Points There is a normative downref to the obsolete RFC 5246, "TLS 1.2", which is appropriate in this specific context. |
2019-05-09
|
06 | Annabelle Backman | New version available: draft-ietf-secevent-http-push-06.txt |
2019-05-09
|
06 | (System) | New version approved |
2019-05-09
|
06 | (System) | Request for posting confirmation emailed to previous authors: Anthony Nadalin , Marius Scurtescu , Morteza Ansari , Michael Jones , Annabelle Backman |
2019-05-09
|
06 | Annabelle Backman | Uploaded new revision |
2019-04-12
|
05 | Yaron Sheffer | Notification list changed to Yaron Sheffer <yaronf.ietf@gmail.com> |
2019-04-12
|
05 | Yaron Sheffer | Document shepherd changed to Yaron Sheffer |
2019-04-12
|
05 | Yaron Sheffer | Tags Revised I-D Needed - Issue raised by WG, Doc Shepherd Follow-up Underway set. |
2019-04-12
|
05 | Yaron Sheffer | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2019-03-24
|
05 | Yaron Sheffer | Added to session: IETF-104: secevent Wed-0900 |
2019-03-11
|
05 | Annabelle Backman | New version available: draft-ietf-secevent-http-push-05.txt |
2019-03-11
|
05 | (System) | New version approved |
2019-03-11
|
05 | (System) | Request for posting confirmation emailed to previous authors: Anthony Nadalin , Marius Scurtescu , Morteza Ansari , Michael Jones , Annabelle Backman |
2019-03-11
|
05 | Annabelle Backman | Uploaded new revision |
2019-01-24
|
04 | Annabelle Backman | New version available: draft-ietf-secevent-http-push-04.txt |
2019-01-24
|
04 | (System) | New version approved |
2019-01-23
|
04 | (System) | Request for posting confirmation emailed to previous authors: Anthony Nadalin , Marius Scurtescu , Morteza Ansari , Michael Jones , Annabelle Backman |
2019-01-23
|
04 | Annabelle Backman | Uploaded new revision |
2018-11-18
|
03 | Yaron Sheffer | IETF WG state changed to In WG Last Call from WG Document |
2018-11-18
|
03 | Yaron Sheffer | Changed consensus to Yes from Unknown |
2018-11-18
|
03 | Yaron Sheffer | Intended Status changed to Proposed Standard from None |
2018-11-06
|
03 | Yaron Sheffer | Added to session: IETF-103: secevent Wed-0900 |
2018-10-20
|
03 | Michael Jones | New version available: draft-ietf-secevent-http-push-03.txt |
2018-10-20
|
03 | (System) | New version approved |
2018-10-20
|
03 | (System) | Request for posting confirmation emailed to previous authors: Anthony Nadalin , Morteza Ansari , Annabelle Backman , secevent-chairs@ietf.org, Michael Jones , Marius Scurtescu |
2018-10-20
|
03 | Michael Jones | Uploaded new revision |
2018-10-01
|
02 | Annabelle Backman | New version available: draft-ietf-secevent-http-push-02.txt |
2018-10-01
|
02 | (System) | New version approved |
2018-10-01
|
02 | (System) | Request for posting confirmation emailed to previous authors: Anthony Nadalin , Morteza Ansari , Michael Jones , Marius Scurtescu , Annabelle Backman |
2018-10-01
|
02 | Annabelle Backman | Uploaded new revision |
2018-10-01
|
01 | Annabelle Backman | New version available: draft-ietf-secevent-http-push-01.txt |
2018-10-01
|
01 | (System) | New version approved |
2018-10-01
|
01 | (System) | Request for posting confirmation emailed to previous authors: Phil Hunt , Anthony Nadalin , Morteza Ansari , Annabelle Backman , secevent-chairs@ietf.org, Michael Jones , … Request for posting confirmation emailed to previous authors: Phil Hunt , Anthony Nadalin , Morteza Ansari , Annabelle Backman , secevent-chairs@ietf.org, Michael Jones , Marius Scurtescu |
2018-10-01
|
01 | Annabelle Backman | Uploaded new revision |
2018-07-06
|
00 | Yaron Sheffer | Added to session: IETF-102: secevent Fri-0930 |
2018-04-16
|
00 | Annabelle Backman | New version available: draft-ietf-secevent-http-push-00.txt |
2018-04-16
|
00 | (System) | WG -00 approved |
2018-04-16
|
00 | Annabelle Backman | Set submitter to "Annabelle Backman ", replaces to (none) and sent approval email to group chairs: secevent-chairs@ietf.org |
2018-04-16
|
00 | Annabelle Backman | Uploaded new revision |