Hi Roman, I’ve opened a PR to try to clarify these points — it doesn’t change the fundamental meaning, but structures the security parameters more like the transport parameters above, and clarifies that the normative bit is “expose parameters to set these”, but the types are going to be platform-specific.
https://github.com/ietf-tapswg/api-drafts/pull/1463 Please take a look and see if this helps. Thanks, Tommy > On Jan 8, 2024, at 12:32 PM, Roman Danyliw via Datatracker <[email protected]> > wrote: > > Roman Danyliw has entered the following ballot position for > draft-ietf-taps-interface-24: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-taps-interface/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Thanks for the revised text in v-22, -23 and -24. I’m still do not > understanding what exact Security Parameters that Section 6.3.1 is normatively > specifying (and which of them are examples). My confusion is that Section 6.2 > has a crisp list of parameters with an explicit names, type, and default > value. > The equivalent is not present for the security related parameters. > > Section 6.3 says “except as noted below, as with the rest of the Transport > Services API, exact names of parameters and/or values of enumerations (e.g., > ciphersuites) used in the security parameters are system and implementation > specific, and ought to be chosen to follow the principle of least surprise for > users of the platform / language environment in question.” How does one read > “except when noted below”? Is this section saying the normative parameters > are > server-certificate, client-certificate, pinned-server-certificate, alpn, > supported-group, ciphersuite, signature-algorithm, max-cached-sessions, > cached-session-lifetime-seconds, pre-shared-key OR that “an API should define > certificate bundles, certificate chains for pinned certificates, ALPN, session > cache management parameters, supported groups/ciphersuite/ parameters, and PSK > parameters but no further details are provided here beyond naming these > categories of parameters”? > > I observe that the guidance in Section 4.1 suggests that parameter names are > in > CamelCase. That isn’t used here (e.g., “server-certificate” should be > “ServerCertificate”). This might hint that there are not parameters here. > However, the bulleted list in Section 6.3.1. is prefaced with “Security > configuration parameters and sample usage follow:” seems to suggest that these > are concrete parameters. > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you to Sean Turner for the SECDIR review. > > >
_______________________________________________ Taps mailing list [email protected] https://www.ietf.org/mailman/listinfo/taps
