Skip to main content

Last Call Review of draft-ietf-secevent-http-poll-09
review-ietf-secevent-http-poll-09-genart-lc-sparks-2020-05-08-00

Request Review of draft-ietf-secevent-http-poll
Requested revision No specific revision (document currently at 12)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2020-05-13
Requested 2020-04-29
Authors Annabelle Backman , Michael B. Jones , Marius Scurtescu , Morteza Ansari , Anthony Nadalin
I-D last updated 2020-05-08
Completed reviews Genart Last Call review of -09 by Robert Sparks (diff)
Genart Telechat review of -11 by Robert Sparks (diff)
Assignment Reviewer Robert Sparks
State Completed
Request Last Call review on draft-ietf-secevent-http-poll by General Area Review Team (Gen-ART) Assigned
Posted at https://mailarchive.ietf.org/arch/msg/gen-art/_Aitkm-ouoaBApZ0fcLnWkVJ3C4
Reviewed revision 09 (document currently at 12)
Result Ready w/issues
Completed 2020-05-08
review-ietf-secevent-http-poll-09-genart-lc-sparks-2020-05-08-00
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-secevent-http-poll-09
Reviewer: Robert Sparks
Review Date: 2020-05-08
IETF LC End Date: 2020-05-13
IESG Telechat date: Not scheduled for a telechat

Summary: Essentially ready but with some issues to consider before publishing
as a Proposed Standard RFC

This document is well-written and easy to follow.

I have a couple of edge-case issues that I think should be considered though:

This document allows, and anticipates, deployments where Recipients are not
well authenticated. See, for example, the first sentence of section 4.1. There
is also an unstated expectation in the document that the jti of each SET is
hard to guess.  If it's reasonably easy to guess jti values, a malicious
Recipient could ack SETs it has never received and the Transmitter will remove
that state, preventing a valid Recipient from ever receiving that SET.

If that's an explicit requirement in the jwt or SET base documents for the jti
to be hard to guess, please point me to it? If there's not, perhaps a short
discussion in the security considerations requiring this property would be
worthwhile?

Is there a discussion somewhere of how long the transmitter is required
to hold a given SET for a Recipient? Forever seems unreasonable.