IETF tutorial-segment (was Re: Feedback on draft-burke-content-signature-00.txt) from Dave CROCKER on 2011-03-29 (ietf-http-wg@w3.org from January to March 2011)

From: Dave CROCKER <dcrocker@bbiw.net>
Date: Tue, 29 Mar 2011 07:41:02 +0000
To: Bill Burke <bburke@redhat.com>
CC: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, Scott Cantor <cantor.2@osu.edu>, Chad La Joie <lajoie@itumi.biz>
Message-ID: <4D918CCC.7070409@bbiw.net>

On 3/23/2011 11:54 AM, Bill Burke wrote:
> Question:
>
> I'm very unfamiliar with the whole IETF process. How do I submit new draft
> versions? Maybe I'm just stupid, but I couldn't figure out a way to do this.

Anyone may submit a new Internet Draft.  I think the web interface for doing 
this is now quite good, although the error messages can sometimes be a bit 
cryptic.  But I'll assume that there are no questions about that level of 
interaction.  If there /are/ questions, they probably should refer to specific 
actions and details of any problems.

One quirk is that the filename must be draft-...-00.txt form.

As for updates, any of the authors listed in the last-issued draft may submit a 
revision.  The process is exactly the same as for initial submission.

The difference is that the tool enforces version control.  The filename that is 
used for getting (uploading) needs to be the same as the previous submission, 
but with the version number being exactly one higher.

(Feel free to contact me offlist if you want to discuss this more, or onlist if 
the rest of the group wants to pursue it.)

> Also, where should I ping for feedback on this? CC ietf-http-wg@w3.org? You also
> suggested the HTTPbis email list in a prior email.

Since this exchange came up on that list and since I believe that's the group 
that is interested in this functional enhancement, I assume the answer is yes. 
But then, I am not running that list...

>> * There currently isn't any structure to the signer field. What about putting
>> a URI there, or specifying a parameter for one, so that the public key can be
>> discovered? I know this is highly algorithm-specific, but IMO most / all
>> algorithms should have a way to discover the key, so as to encourage decoupling.
>>
>
> I'd like to keep the signer field opaque. That way you can put a URI, or just
> some arbitrary string. One of the use cases I have for this is authentication in
> a workflow environment, and a URI might not be appropriate for these scenarios.

If you really mean opaque, how is the verifier on the receiving side supposed to 
know how to use the string?

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net

Received on Tuesday, 29 March 2011 11:32:29 UTC