Kathleen Moriarty's Discuss on draft-ietf-httpbis-tunnel-protocol-04: (with DISCUSS and COMMENT)

"Kathleen Moriarty" <Kathleen.Moriarty.ietf@gmail.com> Wed, 10 June 2015 08:06 UTC

From: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Resent-From: Yves Lafon <ylafon@w3.org>
Date: Tue, 09 Jun 2015 20:59:49 +0000
Cc: httpbis-chairs@ietf.org, mnot@mnot.net, draft-ietf-httpbis-tunnel-protocol.shepherd@ietf.org, draft-ietf-httpbis-tunnel-protocol.ad@ietf.org, draft-ietf-httpbis-tunnel-protocol@ietf.org, ietf-http-wg@w3.org
Resent-Date: Wed, 10 Jun 2015 10:03:02 +0200
Message-Id: <20150609205915.29041.3629.idtracker@ietfa.amsl.com>
Resent-To: ietf-http-wg@w3.org
To: The IESG <iesg@ietf.org>
Subject: Kathleen Moriarty's Discuss on draft-ietf-httpbis-tunnel-protocol-04: (with DISCUSS and COMMENT)
Archived-At: <http://www.w3.org/mid/20150609205915.29041.3629.idtracker@ietfa.amsl.com>

Kathleen Moriarty has entered the following ballot position for
draft-ietf-httpbis-tunnel-protocol-04: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-httpbis-tunnel-protocol/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

The SecDir review called out an important point on authentication &
authorization for 

http://www.ietf.org/mail-archive/web/secdir/current/msg05748.html

The SecDir review has the fuller set of questions.  Here is the
summary:

   "The draft never says what the proxy should do if the client makes
   one claim in the ALPN header, but then does something different
   (including using different ALPNs in encapsulated TLS negotiations).
   Seems like it should.

   Also, the draft seems to suggest that it is okay to use the ALPN for
   policy/authorization decisions. This is unreliable from a security
   perspective. At minimum, I think the draft should explicitly call
   this out."

It seems to me that authentication relies on TLS.  Maybe stating this
explicitly would address the concern?  Is there a reason this should be
in the ALPN header (I'm not sure of that, just asking)?


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I support Stephen's discuss and comments.
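The mismatch the SecDir review describes, a client claiming one protocol in the CONNECT request's ALPN header and then offering something else inside the tunnelled TLS handshake, is something a proxy can at least detect by looking at the first bytes it relays. The following is an added example, not code from the draft, from either reviewer, or from any proxy implementation. It assumes the header syntax used by this draft family (comma-separated protocol identifiers with non-token octets percent-encoded, as in RFC 7639) and the standard TLS ClientHello ALPN extension (type 16). The function names, the constructed sample ClientHello and the strict policy that every protocol offered in the tunnel must have been claimed up front are choices made for this example.

```python
import struct
from typing import List, Optional, Tuple
from urllib.parse import unquote

ALPN_EXTENSION_TYPE = 16  # application_layer_protocol_negotiation (RFC 7301)


def parse_alpn_header(value: str) -> List[str]:
    """Parse the ALPN header field of a CONNECT request.

    Assumed syntax: comma-separated protocol identifiers, with octets that
    are not token characters percent-encoded (e.g. "http%2F1.1").
    """
    names = []
    for item in value.split(","):
        item = item.strip()
        if item:
            names.append(unquote(item))
    return names


def client_hello_alpn(record: bytes) -> Optional[List[str]]:
    """Return the ALPN names offered in a TLS ClientHello record, or None
    when the bytes are not a ClientHello or carry no ALPN extension."""
    if len(record) < 5 or record[0] != 0x16:          # handshake record
        return None
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:              # ClientHello
        return None
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    try:
        pos = 2 + 32                                  # legacy_version + random
        pos += 1 + hello[pos]                         # session_id
        pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + hello[pos]                         # compression_methods
        if pos + 2 > len(hello):
            return None                               # no extensions block at all
        ext_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            data = hello[pos:pos + elen]
            pos += elen
            if etype == ALPN_EXTENSION_TYPE:
                names = []
                p = 2                                 # skip the list length
                while p < len(data):
                    n = data[p]
                    names.append(data[p + 1:p + 1 + n].decode("ascii"))
                    p += 1 + n
                return names
    except (IndexError, struct.error):
        return None                                   # truncated or malformed
    return None


def check_tunnel_claim(alpn_header: str, first_bytes: bytes) -> Tuple[bool, str]:
    """Compare what the client claimed in CONNECT with what its ClientHello
    offers. Policy chosen for this example: every protocol offered inside
    the tunnel must appear in the claim; an unverifiable tunnel fails too."""
    claimed = parse_alpn_header(alpn_header)
    offered = client_hello_alpn(first_bytes)
    if offered is None:
        return False, "tunnel does not begin with a ClientHello carrying ALPN; claim unverifiable"
    unclaimed = [p for p in offered if p not in claimed]
    if unclaimed:
        return False, "offered %s but claimed only %s" % (unclaimed, claimed)
    return True, "ClientHello offer %s is within the claim %s" % (offered, claimed)


def build_client_hello(alpn_names: List[str]) -> bytes:
    """Constructed minimal ClientHello (sample input for this example, not a capture)."""
    alpn_list = b"".join(bytes([len(n)]) + n.encode("ascii") for n in alpn_names)
    alpn_ext_body = struct.pack("!H", len(alpn_list)) + alpn_list
    exts = struct.pack("!HH", ALPN_EXTENSION_TYPE, len(alpn_ext_body)) + alpn_ext_body
    hello = (b"\x03\x03" + bytes(32)                  # version, random (zeros: constructed)
             + b"\x00"                                # empty session id
             + struct.pack("!H", 2) + b"\xc0\x2f"     # one cipher suite
             + b"\x01\x00"                            # one compression method: null
             + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    hello = build_client_hello(["h2", "http/1.1"])
    for header in ("h2, http%2F1.1", "h2"):
        print(repr(header), "->", check_tunnel_claim(header, hello))
    print("plaintext HTTP in tunnel ->", check_tunnel_claim("h2", b"GET / HTTP/1.1\r\n"))
```

Note what this check can and cannot see. The proxy compares the claim against the ALPN list the ClientHello offers; the protocol the endpoints actually select is in the ServerHello for TLS 1.2 but in EncryptedExtensions for TLS 1.3, which the proxy cannot read. A passing check therefore only says the offer was consistent with the claim, which is why the header value is a hint for routing and logging rather than something to authorize on.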