[Gen-art] Re: Gen-ART review of draft-santesson-tls-ume-04.txt
"Tom-PT Taylor" <taylor@nortel.com> Thu, 13 April 2006 18:25 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FU6V6-0003tC-NK; Thu, 13 Apr 2006 14:25:04 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FU6V5-0003t5-4B for gen-art@ietf.org; Thu, 13 Apr 2006 14:25:03 -0400
Received: from zrtps0kn.nortel.com ([47.140.192.55]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FU6V2-0006LR-PF for gen-art@ietf.org; Thu, 13 Apr 2006 14:25:01 -0400
Received: from zcarhxs1.corp.nortel.com (zcarhxs1.corp.nort...s0.corp.nortel.com [47.129.230.89]) by zrtps0kn.nortel.com (Switch-2.2.6/Switch-2.2.0) with ESMTP id k3DIOsL18333; Thu, 13 Apr 2006 14:24:54 -0400 (EDT)
Received: from [127.0.0.1] ([47.130.16.80] RDNS failed) by zcarhxs1.corp.nortel.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 13 Apr 2006 14:24:54 -0400
Message-ID: <443E9771.5010809@nortel.com>
Date: Thu, 13 Apr 2006 14:24:49 -0400
From: Tom-PT Taylor <taylor@nortel.com>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: Russ Housley <housley@vigilsec.com>
References: <443D5D6E.70107@nortel.com> <7.0.0.16.2.20060413105655.059696f0@vigilsec.com>
In-Reply-To: <7.0.0.16.2.20060413105655.059696f0@vigilsec.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 13 Apr 2006 18:24:54.0337 (UTC) FILETIME=[8F8CCB10:01C65F27]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 825e642946eda55cd9bc654a36dab8c2
Cc: Joshua Ball <joshball@microsoft.com>, Ari Medvinsky <arimed@microsoft.com>, gen-art@ietf.org, Stefan Santesson <stefans@microsoft.com>
Subject: [Gen-art] Re: Gen-ART review of draft-santesson-tls-ume-04.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Errors-To: gen-art-bounces@ietf.org
Inline. Russ Housley wrote: > Tom: > ... >> Substantive comments: >> >> 1. Section 1.2 Design Considerations, second sentence. This sentence >> is talking about a possible alternative design approach to protect the >> data being sent. A concern over inappropriate dissemination is >> expressed in the Security Considerations section of the draft. >> >> The proposal in the Security Considerations section that the client >> use discretion in sending the information is a half-hearted look at >> the issue, since an attacker can view the SupplementalData in transit. >> The authors may need to make up their minds whether exposure is an >> issue or not. > > I do not agree. The solution is not described will in > draft-santesson-tls-supp-00.txt, but the double handshake is the > solution. I have written a description of it in the security > considerations of draft-housley-tls-authz-extns-03.txt. I'm please to > include that text in this document if you believe it will help. > [PTT] Perhaps the second sentence of section 1.2 could be modified to refer to the double handshake solution? >> 2. The protocol requires assignment of an extension type number to the >> user_mapping extension. Similarly, a supplemental data type number >> needs to be assigned to user_mapping_data. I suppose this can be left >> to IANA to assign the next available number, since the numbering >> sequence doesn't seem to have any protocol significance. > > Leaving the number assignment to IANA is the usual practice. > [PTT] I see that has been added to the IANA Considerations section in -05. I didn't realize -05 had come out, BTW -- must have misread some of the messages that went by. >> 3. A literal reading of 2246bis section 4.3 suggests, based on the >> upper bounds of the various data structures in section 3 of the >> present document, that the user_mapping_data_list doesn't provide >> enough space to hold even one instance of UserMappingData. Is such a >> cavalier use of upper bounds normal TLS specification usage? > > I think of these values as maximum buffer sizes. Take a look at > 2246bis, and you will see many cases like this. [PTT] OK > >> 4. Is there any relationship between the value of user_principal_name >> and the value of domain_name, if they are both present in the same >> UpnDomainHint instance? > > Text was added in draft-santesson-tls-ume-05.txt to address a similar > Last Call comment. It has already had many eyes look at it, so I hope > you are also satisfied. > [PTT] OK, I found it -- not quite where I expected, but it works. >> 5. In section 4, after the user_mapping extension has been negotiated, >> the sending of the SupplementalData message is only a MAY. Is this the >> intended strength? > > Text was added in draft-santesson-tls-ume-05.txt to address a similar > Last Call comment. It has already had many eyes look at it, so I hope > you are also satisfied, > [PTT] I'll have to take your word for it -- I see no change. >> 6. In section 5, Security Considerations, there are two SHOULD bullets >> for client behaviour. The first one raises a question in my mind that >> may need additional text in draft-santesson-tls-supp-00.txt. The >> question is: what is the behaviour expected of a server that receives >> supplemental data of a type that has not been negotiated as an extension? > > Good point. I suggest: > > OLD: > > If present, the SupplementalData handshake message MUST contain a > non-empty SupplementalDataEntry structure carrying data associated > with at least one defined SupplementalDataType. An explicit > agreement that governs presence of any supplemental data MUST be > concluded between client and server for each SupplementalDataType > using the TLS extensions in the client and server hello messages. > > NEW: > > If present, the SupplementalData handshake message MUST contain a > non-empty SupplementalDataEntry structure carrying data associated > with at least one defined SupplementalDataType. An explicit > agreement that governs presence of any supplemental data MUST be > concluded between client and server for each SupplementalDataType > using the TLS extensions in the client and server hello messages. > Receiving an unexpected SupplementalData handshake message > results in a fatal error, and the receiver MUST close the connection > with a fatal unexpected_message alert. [PTT] Looks good. > >> 7. Same bullets: any time a SHOULD is specified, the document should >> also describe the exceptional case. When would a client send >> supplemental data it has not negotiated? Isn't this a protocol >> violation? What exception do you see for the second bullet? > > Is this handled by the above text too? > [PTT] Still not sure why the first bullet is a SHOULD, given that the above text implies a MUST. > Russ > > > _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Gen-ART review of draft-santesson-tls-u… Tom-PT Taylor
- [Gen-art] Re: Gen-ART review of draft-santesson-t… Russ Housley
- Re: [Gen-art] Re: Gen-ART review of draft-santess… Brian E Carpenter
- [Gen-art] Re: Gen-ART review of draft-santesson-t… Tom-PT Taylor
- [Gen-art] RE: Gen-ART review of draft-santesson-t… Stefan Santesson
- [Gen-art] Re: Gen-ART review of draft-santesson-t… Tom-PT Taylor