I support to move this draft forward. On review, I found few things the draft needs to address:
Section 3.1 Event "name": Used to define a sub-type or the type name when the "type" attribute is "custom" But the line "stat" in the same section also state that "name" must set. So for "name" it should say: ..... when "type" attribute is "custom" or "stat" [LOGIN-SECURITY] I think using "[LOGIN-SECURITY]" as indicator is fine, but I think the draft needs to expand to cover the rationale (Jim's response in separate thread is good, IMO). Also, the draft should cover edge case scenario like what should the server do if client's password is "[LOGIN-SECURITY]". Should server review and force all clients to change their password if they use '[LOGIN-SECURITY]'? It is edge case, but I think it is better to cover here rather than covering it in BCP. Section 4.1 <loginSec:loginSec> "A <loginSec:loginSec> element is sent along with the [RFC5730] <login> command and MUST contain at least one of the following child elements" But every element is defined optional. Is it intentional that if the password conforms RFC5730, then the whole <loginSec> can be skipped, but client can still utilize it if they intend to pass information in <loginSec:userAgent>? Also, every elements under <loginSec:userAgent> are optional. I believed that authors would want at least one field defined if the client created <loginSec:userAgent>. I believed that I understand what Section 4.1 wants, but I think we need to work on the wording more. Best, Joseph On Mon, Jul 29, 2019 at 5:45 AM Maurizio Martinelli < maurizio.martine...@iit.cnr.it> wrote: > +1 > > Maurizio > > > > Il giorno 27 lug 2019, alle ore 17:29, James Galvin <gal...@elistx.com> > ha scritto: > > > > This is a reminder to please indicate your support or concerns regarding > this document. > > > > We do need expressions of support to advance this document. > > > > Thanks, > > > > Antoin and Jim > > > > > > > > > > On 12 Jul 2019, at 15:13, James Galvin wrote: > > > >> The following working group document is believed to be ready for > submission to the IESG for publication as a Proposed Standard: > >> > >> https://datatracker.ietf.org/doc/draft-ietf-regext-login-security/ > >> > >> A WG last call would normally be two weeks long. However, because the > IETF meeting is in two weeks this last call will be extended 1 week and > will end at close of business, Friday, 2 August 2019. > >> > >> Please review this document and indicate your support (a simple “+1” is > sufficient) or concerns with the publication of this document by replying > to this message on the list. > >> > >> As you review the document, please take note of a message from Patrick > Mevzek on 2 July 2019 where he indicated he would not block the advancement > of the document but he did have some disagreement about a few points: > >> > >> > https://mailarchive.ietf.org/arch/msg/regext/Y2nYOQ7JbhUIfPb80tXQL0neTNc > >> > >> Although Patrick was not looking to open the debate on these concerns > with his message, the Chairs do want to make sure that other working group > members have had a chance to consider them. The Chairs believe the > consensus is to move forward at this time. > >> > >> Finally, we need a document shepherd for this document. If you are > interested in being the document shepherd please let the Chairs know. > >> > >> Thanks! > >> > >> Antoin and Jim > > > > _______________________________________________ > > regext mailing list > > regext@ietf.org > > https://www.ietf.org/mailman/listinfo/regext > > -- > Dr. Maurizio Martinelli > Responsabile Servizi Internet e Sviluppo Tecnologico > CNR - Istituto di Informatica e Telematica > via G. Moruzzi 1, 56124 PISA, Italy > E-Mail: maurizio.martine...@iit.cnr.it > Phone: +39 050 3152087 > Fax: +39 050 3152207 > Web: http://www.iit.cnr.it/maurizio.martinelli > > _______________________________________________ > regext mailing list > regext@ietf.org > https://www.ietf.org/mailman/listinfo/regext >
_______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
