IETF Logo Mail Archive

[abfab] comments on draft-ietf-abfab-arch

Mark Donnelly <mark@painless-security.com> Wed, 04 September 2013 21:09 UTC

Return-Path: <mark@painless-security.com>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B11A21F9C7B for <abfab@ietfa.amsl.com>; Wed, 4 Sep 2013 14:09:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yOEYI26lhI1V for <abfab@ietfa.amsl.com>; Wed, 4 Sep 2013 14:09:37 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id 6615811E810F for <abfab@ietf.org>; Wed, 4 Sep 2013 14:09:35 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 4C1B32031B for <abfab@ietf.org>; Wed, 4 Sep 2013 17:09:33 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yJ5D1eIOg3aU for <abfab@ietf.org>; Wed, 4 Sep 2013 17:09:32 -0400 (EDT)
Received: from [127.0.0.1] (unknown [10.1.10.101]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: mark@mail.suchdamage.org) by mail.painless-security.com (Postfix) with ESMTPSA for <abfab@ietf.org>; Wed, 4 Sep 2013 17:09:32 -0400 (EDT)
Message-ID: <5227A18B.8070007@painless-security.com>
Date: Wed, 04 Sep 2013 17:09:31 -0400
From: Mark Donnelly <mark@painless-security.com>
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: abfab@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [abfab] comments on draft-ietf-abfab-arch
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/abfab>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Sep 2013 21:09:43 -0000

Hello all!

I work with Sam, who asked me to read the arch draft as background to 
implementing some software around ABFAB.

* Section 1.1.1 (Channel Binding) mentions "the authenticator" without
   referencing that anywhere earlier.  Sam tells me that is the EAP term
   for what ABFAB calls the RP, but that's not included in the table in
   section 1.1.
* In section 1.2, it would be nice for a break to be inserted before
   the ASCII art graph.
* Also in section 1.2, in the section about Federation, there are two
   almost identical sentences:
     The federation relationship is governed by a federation agreement.
     A federation is governed by a federation agreement.
   If these say the same thing, one should be removed.  If they say
   different things, then the difference is entirely unclear, and it
   should be explained.
* In section 1.4, points 8, 10, and 12 talk about the Master Session
   Key.  As someone new to this, the MSK was referenced here without any
   text suggesting why it exists.  Perhaps a forward reference to
   Section 4.2.2 or 5 would help, but there really doesn't seem to be a
   good explanation in the document.
* Section 3.2, in the fourth paragraph, has a sentence saying:
     The client and the TLS need to share a common trust point for the
     certificate used in validating the server.
   "TLS" doesn't make sense to me here at all.
* Later in section 3.2 there's a sentence:
     Even when it is checked, if the trust infrastructure behind
     the TLS authentication is different from the trust infrastructure
     behind the GSS-API mutual authentication then confirming the end-
     points using both trust infrastructures is likely to enhance
     security.
   The lead-in to that sentence made me expect the opposite result.  In
   essence, this sentence says, "Even when we do the right thing, the
   right thing happens."  I was expecting one of them to be the wrong
   thing after a lead-in of "Even when."
* Section 3.3, paragraph 8 contains a sentence:
     When Service Records (SRV) and Naming
     Authority Pointer (NAPTR) records are used to help find a host that
     provides a service, the security requirements on the referrals is
     going to interact with the information used in the service name.
   The minor quibble here is that the subject (requirements) disagrees
   in number with the verb (is).  My larger difficulty is that I have no
   idea how security requirements might interact with service name
   information.
* The next sentence:
     If a host name is returned from the DNS referrals, and the host
     name is to be validated by GS-EAP, then it makes sense that the
     referrals themselves should be secure.
   This sentence establishes the need for secure referrals, but nothing
   is said about how that is to be achieved.
   Also, the typo of "GS-EAP" should be corrected to "GSS-EAP."
* The last sentence of section 3.4 has a typo - 'probably' should be
   'probable.'

Thanks,
--Mark Donnelly

v2.23.0 | Report a Bug | By Email