Review for media types: application/ibe-pp-data, application/ibe-key-request+xml, and application/ibe-pkg-reply+xml

Turner, Sean P. turners at ieca.com
Wed Oct 1 20:38:49 CEST 2008 

I'll certainly pass them to the editor.

spt 

>-----Original Message-----
>From: mark at coactus.com [mailto:mark at coactus.com] On Behalf Of 
>Mark Baker
>Sent: Wednesday, October 01, 2008 1:12 PM
>To: Chris Newman
>Cc: Turner, Sean P.; ietf-types at iana.org
>Subject: Re: Review for media types: application/ibe-pp-data, 
>application/ibe-key-request+xml, and application/ibe-pkg-reply+xml
>
>On Tue, Sep 30, 2008 at 10:57 PM, Chris Newman 
><Chris.Newman at sun.com> wrote:
>> --On September 29, 2008 15:31:20 -0400 Mark Baker 
><distobj at acm.org> wrote:
>>>
>>> - as an observation, the mandatory parameters for 
>>> application/ibe-key-request+xml and application/ibe-pkg-reply+xml 
>>> both seem to be message control data rather than representation 
>>> metadata, so this seems a misuse of the media type 
>framework.  Is it 
>>> too late to fix this?
>>
>> Mark,
>>
>> Can you go into more detail on what you think would fix this issue?
>
>It's not really germane to the media type registration, but 
>since you ask ...  Perhaps Sean could forward these comments to SMIME.
>
>The draft as a whole does a very poor job at using HTTP, 
>opting to use it as a transport protocol rather than a 
>transfer protocol.  For example, it mints new IBE-specific 
>error codes - including a "server error" code - and returns 
>those in HTTP 200 response messages.
>
>Regarding the use of the media type parameters, on 
>application/ibe-key-request+xml, they are defined as;
>
>"The required parameters are the
>  identity for which an IBE private key is being requested
>  and an object identifier that identifies which
>  cryptographic algorithm the key is being requested for."
>
>In other words, it identifies the logical target of the 
>request message, which, for HTTP, is supposed to be placed in 
>the Request-URI field of the HTTP envelope.  HTTP GET should 
>also be used to retrieve it, rather than HTTP POST which is 
>the only allowed method per the draft.
>
>I also notice that RFC 3205/BCP 56 isn't referenced.
>
>Mark.

More information about the Ietf-types mailing list