Re: [Gen-art] Genart last call review of draft-ietf-kitten-tls-channel-bindings-for-tls13-09
Sam Whited <sam@samwhited.com> Fri, 15 October 2021 12:58 UTC
Return-Path: <sam@samwhited.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id BFCE03A079D;
Fri, 15 Oct 2021 05:58:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001,
SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=samwhited.com header.b=Da1pfSHI;
dkim=pass (2048-bit key)
header.d=messagingengine.com header.b=LUdP4Ywt
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id MUew8Er-7-bv; Fri, 15 Oct 2021 05:58:09 -0700 (PDT)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com
[66.111.4.29])
(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 689E13A0787;
Fri, 15 Oct 2021 05:58:09 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
by mailout.nyi.internal (Postfix) with ESMTP id 1FB5B5C017C;
Fri, 15 Oct 2021 08:58:06 -0400 (EDT)
Received: from imap42 ([10.202.2.92])
by compute1.internal (MEProxy); Fri, 15 Oct 2021 08:58:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samwhited.com;
h=mime-version:message-id:in-reply-to:references:date:from:to
:cc:subject:content-type:content-transfer-encoding; s=fm1; bh=Lv
F9KpyQE2mSPf4cB2kgRqV2zC+gRCeATVEJt+z9YTI=; b=Da1pfSHIIrmHKK+UzM
DLn/bvwtZY9bkxWVwj8Lq4rPs3UdBSqTCr8ApCOX0SUwDT+6htjKIiNYXAPANQa7
ly7YA11KQ213F+djdpJgCJIitaGSS1+Zdy8tJsnOBcvZO/BZ/oFFXotvpkkTtXkX
77xzIyLXCMn0Y5CrJwdMADwveTDulDT63Z9fziOOHSuuwbEAMT+06/aLn8CAZOrY
vualcOYMUs4oBL6DALcV2KNsr5DXtgstdE9swI40sntSBpcEvPmlKlX02++pCRIY
NpabYGGvUUpKtHEc3WDYI1GjhcxdFtOFf5A9rWqHJBVB20SpYazbCThNxHJTDAaO
XHyA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=cc:content-transfer-encoding:content-type
:date:from:in-reply-to:message-id:mime-version:references
:subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
:x-sasl-enc; s=fm1; bh=LvF9KpyQE2mSPf4cB2kgRqV2zC+gRCeATVEJt+z9Y
TI=; b=LUdP4YwthTFiBWFDcGQNc5AqxVJKtSmCljRtdvQUvttK5ikBokChhexQo
/6kr2sFvm3T1LNka4arLc9gxPEatk3Lm//saHo7dADXhAWGMapH3qiL4d2okeiBY
9jXBLJS88GZ8iF/kFXVTNQ8lEBofrbtgJtMbpZOgT3UnCyRQAEQsD8IdU2NsNmIi
/G1FCn7o98Eh4jXggp7pH1cJ9x366/YBPN3c4vkHeJvSlG+IedAj2EwDXPyLKtmD
V39aDQBJVqxmw5oYZ3X5iuhO869cvzSHVEGyHU68T333hdXHtlj3jRe2c3pVG3O/
ISEYeZjkBHgc859EOfaXMWiafg3RA==
X-ME-Sender: <xms:3XppYSc3Bc770D078mOi1rQlH5ywFAqLty2ih9b4UIFJtVN2olDWSw>
<xme:3XppYcOhr1mOgw6ZZ27vX3xSvOBWrTHpwyrYlSCENUmz-0fxqx7i0sMNNvFJk52Ch
OGZIwAhhIb3KY6kcA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrvddugedgheejucetufdoteggodetrfdotf
fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
cujfgurhepofgfggfkjghffffhvffutgfgsehtqhertderreejnecuhfhrohhmpedfufgr
mhcuhghhihhtvggufdcuoehsrghmsehsrghmfihhihhtvggurdgtohhmqeenucggtffrrg
htthgvrhhnpedvffeuvdduhfefvdeiheeukeffhfekjeevgffggedtlefhhffhieevkedu
vefhjeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe
hsrghmsehsrghmfihhihhtvggurdgtohhm
X-ME-Proxy: <xmx:3XppYThqQSy3zyIq0cke9Ya0bdeQ35oyJ8qpegOTi3sHXLb_6txfZQ>
<xmx:3XppYf_1y11LAN5uZCaYktbrKXeuZ2Yrwy5NRpTNL_SxS8cVbfFZOA>
<xmx:3XppYeubMlRWXuSWT-pSebrQF7bTCcxRwr_J3eo_rnvO3JcNQ2ruWw>
<xmx:3nppYX4bH4TXcBiP99FND7Z31CPDmTjb5qGuQQFlprTBJHnYG1pblw>
Received: by mailuser.nyi.internal (Postfix, from userid 501)
id E7D372180075; Fri, 15 Oct 2021 08:58:05 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-1345-g8441cd7852-fm-20211006.001-g8441cd78
Mime-Version: 1.0
Message-Id: <5791c4e5-8145-416e-85d2-702a7349f327@www.fastmail.com>
In-Reply-To: <163425725839.8070.6459252490923753365@ietfa.amsl.com>
References: <163425725839.8070.6459252490923753365@ietfa.amsl.com>
Date: Fri, 15 Oct 2021 08:57:45 -0400
From: "Sam Whited" <sam@samwhited.com>
To: "Dale Worley" <worley@ariadne.com>, gen-art@ietf.org
Cc: draft-ietf-kitten-tls-channel-bindings-for-tls13.all@ietf.org,
"KITTEN Working Group" <kitten@ietf.org>, last-call@ietf.org
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/iVOiN3QNi0tMerM3P5AfCOOjrOo>
Subject: Re: [Gen-art] Genart last call review of
draft-ietf-kitten-tls-channel-bindings-for-tls13-09
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>,
<mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>,
<mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Oct 2021 12:58:15 -0000
Thank you for the detailed review! I believe I have addressed your feedback in a draft that I will upload shortly, but have a few comments (inline). On Thu, Oct 14, 2021, at 20:20, Dale Worley via Datatracker wrote: > Given that this is the introduction and RFC 5929 is referenced without > its title, it would help the naive reader to change "channel binding > types" to "channel binding types for TLS". Since this document only updates the general-purpose "tls-unique" and does not specifically define a new version of "tls-unique-for-telnet" I have just changed the use of "unique" here to "tls-unique" to refer to the specific channel binding type. Hopefully this makes it clear that it is a TLS channel binding without the redundant "tls-unique channel binding for TLS", but I'm happy to work on this further. > It seems worthwhile to provide the name of the new binding type here. > (And notice that it is "unique" in the sense of RFC 5056 but does not > contain "unique" in its name. I'm a little surprised you didn't name > it "tls-unique-exporter" to maintain the parallelism.) I'd be happy to change that if everyone wants, I have no preference. > The appearance of this paragraph in this section suggests (but does > not assert) that in TLS 1.3, the cipher negotiation always results in > unique master secrets. Indeed, it would be extremely convenient if > (standard-conformant) use of TLS 1.3 always did so, and if so, it > would be convenient to inform the user by asserting that at the end of > section 2 (after moving the current last paragraph to a different > section). This one I had a lot of trouble with. I tried to put in some new language, but it feels out of place to me somehow. I'm not sure that this document should make assertions about the correctness of TLS 1.3, as well vetted as it has been, so I tried to phrase it in terms of "this mechanism is useful so long as this property holds", which seems like it might belong in security considerations, not the registration section? —Sam -- Sam Whited
- [Gen-art] Genart last call review of draft-ietf-k… Dale Worley via Datatracker
- Re: [Gen-art] Genart last call review of draft-ie… Sam Whited
- Re: [Gen-art] Genart last call review of draft-ie… worley
- Re: [Gen-art] Genart last call review of draft-ie… Benjamin Kaduk
- Re: [Gen-art] Genart last call review of draft-ie… Sam Whited
- Re: [Gen-art] [Last-Call] Genart last call review… Lars Eggert