IETF Logo Mail Archive

Re: [certid] [Gen-art] Gen-ART LC Review of draft-saintandre-tls-server-id-check-11

Ben Campbell <ben@nostrum.com> Wed, 08 December 2010 21:32 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C25BE3A6988; Wed, 8 Dec 2010 13:32:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.372
X-Spam-Level:
X-Spam-Status: No, score=-102.372 tagged_above=-999 required=5 tests=[AWL=0.228, BAYES_00=-2.599, SPF_PASS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9SYAP+qeWhTt; Wed, 8 Dec 2010 13:32:41 -0800 (PST)
Received: from nostrum.com (nostrum-pt.tunnel.tserv2.fmt.ipv6.he.net [IPv6:2001:470:1f03:267::2]) by core3.amsl.com (Postfix) with ESMTP id 6275C3A687D; Wed, 8 Dec 2010 13:32:41 -0800 (PST)
Received: from dn3-174.estacado.net (vicuna-alt.estacado.net [75.53.54.121]) (authenticated bits=0) by nostrum.com (8.14.3/8.14.3) with ESMTP id oB8LY7g8076334 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 8 Dec 2010 15:34:08 -0600 (CST) (envelope-from ben@nostrum.com)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset="us-ascii"
From: Ben Campbell <ben@nostrum.com>
In-Reply-To: <4CFFE19F.1060603@KingsMountain.com>
Date: Wed, 08 Dec 2010 15:34:06 -0600
Content-Transfer-Encoding: quoted-printable
Message-Id: <DE7DDF5C-6C0B-46F8-8815-BAAC3B788958@nostrum.com>
References: <4CFFE19F.1060603@KingsMountain.com>
To: =JeffH <Jeff.Hodges@KingsMountain.com>
X-Mailer: Apple Mail (2.1082)
Received-SPF: pass (nostrum.com: 75.53.54.121 is authenticated by a trusted mechanism)
Cc: draft-saintandre-tls-server-id-check.all@tools.ietf.org, General Area Review Team <gen-art@ietf.org>, certid@ietf.org
Subject: Re: [certid] [Gen-art] Gen-ART LC Review of draft-saintandre-tls-server-id-check-11
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates <certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>, <mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Dec 2010 21:32:42 -0000

On Dec 8, 2010, at 1:50 PM, =JeffH wrote:

> <snip/>
> 
> > stpete sez..
> >> In Section 4.2.1 we say:
> >>
> >>   The inputs used by the client to construct its list of reference
> >>   identifiers might be a URI that a user has typed into an interface
> >>   (e.g., an HTTPS URL for a web site), configured account information
> >>   (e.g., the domain name of a particular host or URI used for
> >>   retrieving information or connecting to a network, which might be
> >>   different from the server portion of the user's account name), a
> >>   hyperlink in a web page that triggers a browser to retrieve a media
> >>   object or script, or some other combination of information that can
> >>   yield a source domain and a service type.
> >>
> >>   The client might need to extract the source domain and service type
> >>   from the input(s) it has received.  The extracted data MUST include
> >>   only information that can be securely parsed out of the inputs (e.g.,
> >>   extracting the fully-qualified DNS domain name from the "authority"
> >>   component of a URI or extracting the service type from the scheme of
>                           ^^^^^^^^^^
> 
> I suggest we change this to "deriving".
> 
> 

WFM

> >>   a URI) or information for which the extraction is performed in a
> >>   manner that is not subject to subversion by network attackers (e.g.,
> >>   pulling the data from a delegated domain that is explicitly
> >>   established via client or system configuration, resolving the data
> >>   via [DNSSEC], or obtaining the data from a third-party domain mapping
> >>   service in which a human user has explicitly placed trust and with
> >>   which the client communicates over a connection that provides both
> >>   mutual authentication and integrity checking).  These considerations
> >>   apply only to extraction of the source domain from the inputs;
> >>   naturally, if the inputs themselves are invalid or corrupt (e.g., a
> >>   user has clicked a link provided by a malicious entity in a phishing
> >>   attack), then the client might end up communicating with an
> >>   unexpected application service.
> >>
> >> Do you feel we need to say more about how an application client
> >> determines the source domain? Is there something special about SIP AORs
> >> that this document does not cover (but should be covering)?
> 
> 
> BenC replies..
> >
> <snip/>
> > I am suggesting a soup to nuts example of how a real world input such as
> > that gets converted to a resulting URI reference identity.
> 
> 
> So after the second para quoted above (from [S4.2.1]) how 'bout we add this..
> 
> 
> For example, given an input URI of "sip:alice:pswd@example.net;transport=tcp?subject=project%20x&priority=urgent", the client derives the service type "sip" from the scheme, and the domain name "example.net" from the authority component. Also, given an input URI of "im:alice@example.net", the derived service type is "sip" (since the "im" scheme is defined as an abstract scheme in the SIP context by [SIP-IM] (RFC 3428)), and the domain name is again "example.net".

That's pretty much what I had in mind, although the URI is more complex that you are likely to see as user input.  just "sip:alice@example.net" would probably get the idea across.

> 
> 
> ?
> 
> =JeffH
> 
> 
>

v2.23.0 | Report a Bug | By Email