Re: AD Review of draft-ietf-httpbis-unprompted-auth-09

Great, thanks. I merged the PR and submitted a -10.
https://author-tools.ietf.org/iddiff?url2=draft-ietf-httpbis-unprompted-auth-10
David

On Wed, Aug 28, 2024 at 1:13 PM Francesca Palombini <
francesca.palombini@ericsson.com> wrote:

> Hi David,
>
>
>
> Thanks for the quick reply.
>
>
>
> Just to be clear – from the way it was written in the quoted sentence, I
> didn’t read that the exporter depended on the TLS version used, but it was
> always the one defined in RFC 5705, hence my comment. Thanks for
> clarifying.
>
>
>
> Anyways, your PR works for me! Up to you if you want to submit an update
> or wait for more reviews.
>
>
>
> Francesca
>
>
>
> *From: *David Schinazi <dschinazi.ietf@gmail.com>
> *Date: *Wednesday, 28 August 2024 at 19:36
> *To: *Francesca Palombini <francesca.palombini@ericsson.com>
> *Cc: *draft-ietf-httpbis-unprompted-auth@ietf.org <
> draft-ietf-httpbis-unprompted-auth@ietf.org>, HTTP Working Group <
> ietf-http-wg@w3.org>
> *Subject: *Re: AD Review of draft-ietf-httpbis-unprompted-auth-09
>
> Hi Francesca, and thank you for the review!
>
>
>
> I've addressed all your comments in this PR:
>
> https://github.com/httpwg/http-extensions/pull/2885
>
> Can you confirm that this works for you please?
>
>
>
> Detailed responses inline.
>
>
>
> On Wed, Aug 28, 2024 at 2:34 AM Francesca Palombini <
> francesca.palombini@ericsson.com> wrote:
>
> # AD Review of draft-ietf-httpbis-unprompted-auth-09
>
>
>
> cc @fpalombini
>
>
>
> Thank you for this document, I found it very clear and easy to read. I
> only have one minor comment and some nits, you can take care of these at
> the same time as any other comments from IETF last call, which I will
> initiate now.
>
>
>
> Francesca
>
>
>
> ## Comments
>
>
>
> ### key exporter
>
>
>
> Section 3:
>
> > When a client wishes to use the Concealed HTTP authentication scheme
> > with a request, it SHALL compute the authentication proof using a TLS
> > keying material exporter [KEY-EXPORT] with the following parameters:
>
>
>
> It is not clear to me if this doc uses the original RFC 5705 version (as
> referenced) or the updated construction by TLS 1.3 (Section 7.5 of RFC
> 8446). By the way it is referenced, and the way I interpret the "Update"
> header tag for RFCs, I'd assume 5705 - if my assumption is wrong, maybe
> some text (and an additional reference to TLS 1.3 in the sentence above)
> would help remove all ambiguity. Otherwise, has the working group
> considered using the TLS 1.3 exporter, rather than the RFC 5705 one?
>
>
>
> It's not possible to use the RFC 5705 construction with TLS 1.3. That
> said, I agree that the text could be improved. I've removed the reference
> from that sentence and instead added the following below it to remove ambiguity:
>
> <<Note that TLS 1.3 keying material exporters are defined in Section 7.5
> of [TLS], while TLS 1.2 keying material exporters are defined in
> [KEY-EXPORT].>>
>
>
>
> ## Nits
>
>
>
> ### nit
>
>
>
> Section 3.2:
>
> > The key exporter context contains the following fields:
>
>
>
> A copy paste gone wrong, I assume :) s/context/output?
>
>
>
> Indeed. Fixed. Thanks for noticing!
>
>
>
> ### Id nits complaints
>
>
>
> ID-Nits gives me the following warning:
>
>
>
>   == Unused Reference: 'RFC8792' is defined on line 664, but no explicit
>      reference was found in the text
>
>
>
> This is a false positive, but I think moving the first line of Figure 5
> and 6 out of the figure would fix it.
>
>
>
> This is a bug in the idnits tool. RFC 8792 itself asks us to put this text
> inside the diagrams:
>
> https://www.rfc-editor.org/rfc/rfc8792#section-9.1
>
> I'd rather we follow the recommendation in 8792, rather than try to work
> around an idnits bug.
>
> I've filed a GitHub issue about the idnits bug here:
>
> https://github.com/ietf-tools/idnits/issues/36
>
>
>
> Thanks,
>
> David
>
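
The two exporter constructions the thread distinguishes (RFC 5705 for TLS 1.2, Section 7.5 of RFC 8446 for TLS 1.3), as an added example that is not part of the thread or the draft. It assumes SHA-256 as the negotiated hash; the secrets, randoms and label are constructed sample values, not the draft's parameters.

```python
import hashlib, hmac, struct

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def tls12_exporter(master_secret, client_random, server_random, label, context, length):
    """RFC 5705 Section 4: TLS 1.2 PRF over master_secret and both hello randoms."""
    seed = label + client_random + server_random
    if context is not None:  # absent and zero-length contexts are distinct here
        seed += struct.pack("!H", len(context)) + context
    out, a = b"", seed
    while len(out) < length:  # P_SHA256 from RFC 5246 Section 5
        a = _hmac(master_secret, a)
        out += _hmac(master_secret, a + seed)
    return out[:length]

def hkdf_expand_label(secret, label, context, length):
    """RFC 8446 Section 7.1: HKDF-Expand with the HkdfLabel structure as info."""
    full = b"tls13 " + label
    info = (struct.pack("!H", length) + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = _hmac(secret, block + info + bytes([counter]))
        out += block
        counter += 1
    return out[:length]

def tls13_exporter(exporter_master_secret, label, context, length):
    """RFC 8446 Section 7.5: keyed by exporter_master_secret, no hello randoms.
    An absent context is passed as b"" (the two are equivalent in TLS 1.3)."""
    empty_transcript = hashlib.sha256(b"").digest()
    derived = hkdf_expand_label(exporter_master_secret, label, empty_transcript, 32)
    return hkdf_expand_label(derived, b"exporter",
                             hashlib.sha256(context).digest(), length)

# Constructed sample inputs (not taken from any real connection or from the draft).
SECRET = bytes(range(32))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32
LABEL = b"EXPORTER-constructed-example"

if __name__ == "__main__":
    print(tls12_exporter(SECRET, CLIENT_RANDOM, SERVER_RANDOM, LABEL, b"ctx", 32).hex())
    print(tls13_exporter(SECRET, LABEL, b"ctx", 32).hex())
```
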

Received on Wednesday, 28 August 2024 21:29:40 UTC