Hello all,
Apologies I've been quite off for the last month or so as well. Like Wes, well numerous life events in my case too.
But I should now have time again to address soon enough the concerns I got. I will answer Wes concerns but also everybody else that took the time this last month to review and comment on the jmap quota draft.
Just bear with me a bit longer and we should be fine I believe :)
Best regards,
Rene.
On Jan 18, 2023 6:22 AM, from Bron GondwanaRene, can you please address this review. Hopefully we're close to ready now!Thanks,Bron.On Thu, Jan 12, 2023, at 09:06, Wes Hardaker wrote:I have reviewed this document as part of the security directorate'songoing effort to review all IETF documents being processed by theIESG. These comments were written primarily for the benefit of thesecurity area directors. Document editors and WG chairs should treatthese comments just like any other last call comments.Review summary: almost ready with issuesApologies for my delay in getting to the new version of this document(between vacation and a bad cold, I got behind in tasks). Thank you forthe work you put into the new version; I find it much better than theold and can see you took many suggestions (mine and others) intoaccount.A few (mostly minor) thoughts on the new version:- If it were me, I'd break the quota attributes section into it's own(becoming a new 4.1) starting with "The quota object MUST...".- 4.1: document at section 5.1 -> document in section 5.1- 4.3: any of which may be omitted -> any of which may be included oromitted- 4.3: seems odd that the name attribute is the only one that isn't alist.- 4.3: Larger issue wrt interoperability: My last note leads to thenext: in the summary paragraph you state "A Quota object matches theFilterCondition if and only if all the given conditions match,including multiple array elements existing within a condition.", whichI don't know how to interpret properly. You say that all conditionsmatch (which I'm sure means if both a scope and a resourceType arespecified they both MUST match). But the second part of the sentenceleaves me confused about multiple array elements. This would leave meto think that if you specified multiple resourceTypes in a list, thenevery type must match which should never be true so I doubt this iswhat you mean. Maybe this is a good rewrite:A Quota object matches the FilterCondition if and only if all thegiven properties match (i.e. a logical and of all properties).For filter properties that are a list, at least one of the listelements must match for that property to be considered a match(i.e. a logical or of all the property's list element).But... I am trying to figure out what you mean, and my interpretationmay be wrong!- For the example in section 5.2, I'd suggest actually using data thatfollowed the previous example in a time-sequence. Thus, if youchanged the "sinceState" to "78540" to match the last value from theprevious example, it would better show an example of commands overtime. (IMHO)- The security section is improved (thank you), but there are somewording issues within it that need work:- "so he shouldn't know" -- I think you mean other users hereshouldn't know. So I'd change this to "so other users shouldn'tknow" or "no users should know".- The last sentence is hard to read as is. I'd suggest thefollowing replacement:In order to limit those attacks, quotas with "domain" or "global"scope SHOULD only be visible to server administrators and not togeneral users.- I'm surprised you don't have an acknowledgment section, whichcustomary to list all the people that help you put this specificationtogether. It's common but not required of course.--Wes HardakerUSC/ISI--last-call mailing list--Bron Gondwana, CEO, Fastmail Pty Ltdbrong@xxxxxxxxxxxxxxxx
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
