Hi David, Thank you for your reply. We have updated as requested.
> 4) <!-- [rfced] We see that the capitalization of "Key ID" is inconsistent. > Please let how we should update it. > --> > > I think the inconsistency is intentional: "key ID" refers to the concept, > whereas "Key ID" refers to the eponymous field in the Key Exporter Context > structure. Does that work or do you think it reduces clarity? ) Thank you for clarifying. The reasoning makes sense, and it should be clear enough from the context within the document. We have left the capitalization as is. The updated files have been posted here (please refresh): https://www.rfc-editor.org/authors/rfc9729.md https://www.rfc-editor.org/authors/rfc9729-diff.html (comprehensive text diff) https://www.rfc-editor.org/authors/rfc9729-auth48diff.html (AUTH48 text diff) https://www.rfc-editor.org/authors/rfc9729-mdrfcdiff.html (comprehensive md diff side-by-side) https://www.rfc-editor.org/authors/rfc9729-mdauth48diff.html (AUTH48 md diff side-by-side) Please review the document carefully and contact us with any further updates you may have. Note that we do not make changes once a document is published as an RFC. We will await approvals from each author of the content in the markdown prior to converting the markdown to RFCXML and asking each authors to review and approve the final files. For the AUTH48 status of this document, please see: https://www.rfc-editor.org/auth48/rfc9729 Thank you, RFC Editor/ap > On Feb 3, 2025, at 7:43 PM, David Schinazi <dschinazi.i...@gmail.com> wrote: > > Hi RFC Editor(s), > > First off, I really wanted to thank you for doing this AUTH48 in markdown - > it's a huge life improvement :-) > > Please find answers to your questions inline below. Let me know when you've > incorporated those and I'll do a full pass of the document as soon as I can > in the next few days. > > Thanks, > David > > On Fri, Jan 31, 2025 at 12:18 PM <rfc-edi...@rfc-editor.org> wrote: > Authors, > > While reviewing this document during AUTH48, please resolve (as necessary) > the following questions, which are also in the XML file. > > 1) <!-- [rfced] FYI, we have added the following sentence to Section 1.1 > ("Conventions and Definitions") in order to include a citation for RFC 8792 > in the text. Please let us know of any objections. > > Current: > Various examples in this document contain long lines that may be folded, > as described in [RFC8792]. > --> > > Sounds good. > > 2) <!--[rfced] Throughout the text, "Concealed HTTP authentication scheme" > and "Concealed authentication scheme" appear to be used inconsistently. > Please review these occurrences and let us know if/how they be made > consistent. Some examples are listed here: > > Original: > When a client wishes to use the Concealed HTTP authentication scheme > with a request, it SHALL compute the authentication proof using a TLS > keying material exporter with the following parameters: > ... > If a frontend is configured to check the Concealed authentication > scheme, it will parse the Authorization (or Proxy-Authorization) > header field. > --> > > I think that the defining statement at the start of section 2 > <<This document defines the "Concealed" HTTP authentication scheme.>> > should include "HTTP" to be extra clear when defining it. I'm happy for all > other uses to be consistent. > So maybe we make them all <<Concealed HTTP authentication scheme>>? > > 3) <!-- [rfced] Please review sourcecode types within the markdown file, and > let us know if they should be set and/or have been set correctly. > > The current list of preferred values for sourcecode types is available at > <https://www.rfc-editor.org/rpc/wiki/doku.php?id=sourcecode-types>. > If the current list does not contain an applicable type, feel free to > suggest additions for consideration. Note that it is also acceptable > to leave the sourcecode type not set. > --> > > They look correct to me. It might be useful to define a new type for the QUIC > presentation format given how common it's becoming (since we have one for the > TLS presentation format), but for this document those can stay empty since it > doesn't exist yet. > > 4) <!-- [rfced] We see that the capitalization of "Key ID" is inconsistent. > Please let how we should update it. > --> > > I think the inconsistency is intentional: "key ID" refers to the concept, > whereas "Key ID" refers to the eponymous field in the Key Exporter Context > structure. Does that work or do you think it reduces clarity? > > 5) <!--[rfced] As "Signature Algorithm" is being used in a general way and > not as a field name, may we make it lowercase in this sentence? > > Original: > The encoding of the public key is determined by the Signature > Algorithm in use as follows: > > Perhaps: > The encoding of the public key is determined by the signature > algorithm in use as follows: > --> > > Agreed, that one's not the field name so lowercase makes sense. > > 6) <!--[rfced] For clarity, may we update "which" to "that" here? It depends > on the intended meaning, as noted below. > > Original: > The public key is an RSAPublicKey structure > [PKCS1] encoded in DER [X.690]. BER encodings which are not DER > MUST be rejected. > > Perhaps (restrictive "that", meaning some BER encodings): > The public key is an RSAPublicKey structure > [PKCS1] encoded in DER [X.690]. BER encodings that are not DER > MUST be rejected. > > Or (nonrestrictive "which", meaning all BER encodings): > The public key is an RSAPublicKey structure > [PKCS1] encoded in DER [X.690]. BER encodings, which are not DER, > MUST be rejected. > --> > > You're correct, let's use "that" here. Some BER encodings are DER, and those > are valid and must not be rejected. > > 7) <!-- [rfced] We having difficulty parsing the following sentence. > Does the key ID authenticate or does the client? > > Current: > For example, the key ID "basement" authenticating using Ed25519 > [ED25519] could produce the following header field > > Perhaps: > For example, a client authenticating with the key ID "basement" > and using Ed25519 [ED25519] could produce the following header > field > --> > > You're correct that the key ID doesn't authenticate. However, "authenticate" > is somewhat annoying as a verb in that the concept of "the client is proving > to the server that it is who it says it is" can be said as "the server > authenticated the client" or "the client authenticated to the server" - and > not everyone agrees that they're both valid. How about we sidestep the issue > with something like this: > <<For example, a client using the key ID "basement" and the signature > algorithm Ed25519 [ED25519] could produce the following header field:>> > > 8) <!-- [rfced] RFC 8941 has been obsoleted by RFC 9651. May we replace RFC > 8941 with RFC 9651? > --> > > Yes, please. > > 9) <!-- [rfced] Please review the "Inclusive Language" portion of the online > Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> > and let us know if any changes are needed. Updates of this nature typically > result in more precise language, which is helpful for readers. > --> > > I didn't find any instances of non inclusive language, but let me know if you > noticed any. > > 10) <!--[rfced] References. May we add the following URL to this reference > for the ease of the reader? > > https://www.itu.int/rec/T-REC-X.690 > > Current: > > [X.690] ITU-T, "Information technology - ASN.1 encoding Rules: > Specification of Basic Encoding Rules (BER), Canonical > Encoding Rules (CER) and Distinguished Encoding Rules > (DER)", ITU-T Recommendation X690, ISO/IEC 8825-1:2021, > February 2021. > --> > > Sounds good. > > Thank you. > > RFC Editor/ap/jm > > > On 1/31/25 2:14 PM, rfc-edi...@rfc-editor.org wrote: > *****IMPORTANT***** > > Updated 2025/01/31 > > RFC Author(s): > -------------- > > Instructions for Completing AUTH48 > > Your document has now entered AUTH48. Once it has been reviewed and > approved by you and all coauthors, it will be published as an RFC. > If an author is no longer available, there are several remedies > available as listed in the FAQ (https://www.rfc-editor.org/faq/). > > You and you coauthors are responsible for engaging other parties > (e.g., Contributors or Working Group) as necessary before providing > your approval. > > Planning your review > --------------------- > > Please review the following aspects of your document: > > * RFC Editor questions > > Please review and resolve any questions raised by the RFC Editor > that have been included in the .md file as comments marked as > follows: > > <!-- [rfced] ... --> > > These questions will also be sent in a subsequent email. > > * Changes submitted by coauthors > > Please ensure that you review any changes submitted by your > coauthors. We assume that if you do not speak up that you > agree to changes submitted by your coauthors. > > * Content > > Please review the full content of the document, as this cannot > change once the RFC is published. Please pay particular attention to: > - IANA considerations updates (if applicable) > - contact information > - references > > * Copyright notices and legends > > Please review the copyright notice and legends as defined in > RFC 5378 and the Trust Legal Provisions > (TLP – https://trustee.ietf.org/license-info). > > * Semantic markup > > Please review the markup in the XML file to ensure that elements of > content are correctly tagged. For example, ensure that <sourcecode> > and <artwork> are set correctly. See details at > <https://authors.ietf.org/rfcxml-vocabulary>. > > * Formatted output > > Please review the PDF, HTML, and TXT files to ensure that the > formatted output, as generated from the markup in the XML file, is > reasonable. Please note that the TXT will have formatting > limitations compared to the PDF and HTML. > > > Submitting changes > ------------------ > > To submit changes, please reply to this email using ‘REPLY ALL’ as all > the parties CCed on this message need to see your changes. The parties > include: > > * your coauthors > > * rfc-edi...@rfc-editor.org (the RPC team) > > * other document participants, depending on the stream (e.g., > IETF Stream participants are your working group chairs, the > responsible ADs, and the document shepherd). > > * auth48archive@rfc-editor.org, which is a new archival mailing list > to preserve AUTH48 conversations; it is not an active discussion > list: > > * More info: > > https://mailarchive.ietf.org/arch/msg/ietf-announce/yb6lpIGh-4Q9l2USxIAe6P8O4Zc > > * The archive itself: > https://mailarchive.ietf.org/arch/browse/auth48archive/ > > * Note: If only absolutely necessary, you may temporarily opt out > of the archiving of messages (e.g., to discuss a sensitive matter). > If needed, please add a note at the top of the message that you > have dropped the address. When the discussion is concluded, > auth48archive@rfc-editor.org will be re-added to the CC list and > its addition will be noted at the top of the message. > > You may submit your changes in one of two ways: > > An update to the provided .md file > — OR — > An explicit list of changes in this format > > Section # (or indicate Global) > > OLD: > old text > > NEW: > new text > > You do not need to reply with both an updated file and an explicit > list of changes, as either form is sufficient. > > We will ask a stream manager to review and approve any changes that seem > beyond editorial in nature, e.g., addition of new text, deletion of text, > and technical changes. Information about stream managers can be found in > the FAQ. Editorial changes do not require approval from a stream manager. > > > Approving for publication > -------------------------- > > This document is being edited in kramdown-rfc markdown. Once the content > is approved, the markdown will be converted to RFCXML and formatted as an > RFC. You will be asked to review and approve the XML and output formats. > Your final approval means you approve both the content and format. > > To approve your RFC for publication, please reply to this email stating > that you approve this RFC for publication. Please use ‘REPLY ALL’, > as all the parties CCed on this message need to see your approval. > > > Files > ----- > > The files are available here: > https://www.rfc-editor.org/authors/rfc9729.md > https://www.rfc-editor.org/authors/rfc9729.html > https://www.rfc-editor.org/authors/rfc9729.pdf > https://www.rfc-editor.org/authors/rfc9729.txt > > Diff file of the text: > https://www.rfc-editor.org/authors/rfc9729-diff.html > https://www.rfc-editor.org/authors/rfc9729-rfcdiff.html (side by side) > > Diff of the markdown: > https://www.rfc-editor.org/authors/rfc9729-mdrfcdiff.html > > > Tracking progress > ----------------- > > The details of the AUTH48 status of your document are here: > https://www.rfc-editor.org/auth48/rfc9729 > > Please let us know if you have any questions. > > Thank you for your cooperation, > > RFC Editor > > -------------------------------------- > RFC9729 (draft-ietf-httpbis-unprompted-auth-12) > > Title : The Concealed HTTP Authentication Scheme > Author(s) : D. Schinazi, D. Oliver, J. Hoyland > WG Chair(s) : Mark Nottingham, Tommy Pauly > Area Director(s) : Zaheduzzaman Sarker, Francesca Palombini > > -- auth48archive mailing list -- auth48archive@rfc-editor.org To unsubscribe send an email to auth48archive-le...@rfc-editor.org
