Re: [kitten] Opsdir last call review of draft-ietf-kitten-tls-channel-bindings-for-tls13-09
Alexey Melnikov <alexey.melnikov@isode.com> Mon, 25 October 2021 13:45 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF43B3A0DB8; Mon, 25 Oct 2021 06:45:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.429
X-Spam-Level:
X-Spam-Status: No, score=-5.429 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-3.33, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YAvBFifYG0-a; Mon, 25 Oct 2021 06:44:57 -0700 (PDT)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id 87ED83A0C60; Mon, 25 Oct 2021 06:44:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1635169494; d=isode.com; s=june2016; i=@isode.com; bh=+bS3rD15j5fP7y7RTHpTkX/TUhyvX0H45J6J8kOWgA0=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=JGaE0Qzf3wp2DcWK6c/9zRBGZDzzT3Cv3WezeoDzaXuJy9L5QHYihmBuiMrf7QxJFtTwYk 5xY9lwE4CiSKDbbUm9N2LhPT6/eSVgKXeswdYf2p8BhIj2tZiaaIPtXMj0/z0nSQdjKv2j NAsswB8XujVI+oLf6cVXT9PGCAuBy1k=;
Received: from [192.168.1.222] (host5-81-100-13.range5-81.btcentralplus.com [5.81.100.13]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <YXa01ABc-a0w@waldorf.isode.com>; Mon, 25 Oct 2021 14:44:53 +0100
To: Sam Whited <sam@samwhited.com>, Ludovic BOCQUET <ludo_bocquet@hotmail.com>
Cc: KITTEN Working Group <kitten@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "draft-ietf-kitten-tls-channel-bindings-for-tls13.all@ietf.org" <draft-ietf-kitten-tls-channel-bindings-for-tls13.all@ietf.org>
References: <163415374625.30942.884569969141527344@ietfa.amsl.com> <PR3P193MB1070CF0B74981CAF46C38739F9B89@PR3P193MB1070.EURP193.PROD.OUTLOOK.COM> <76baf740-44ac-48c9-8c78-bd36fcb5ee48@www.fastmail.com>
From: Alexey Melnikov <alexey.melnikov@isode.com>
Message-ID: <3e31bd21-372a-a154-3863-61ec62250c54@isode.com>
Date: Mon, 25 Oct 2021 14:44:52 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0
In-Reply-To: <76baf740-44ac-48c9-8c78-bd36fcb5ee48@www.fastmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-GB
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/DvDUpK3FvxNX09zuRwOJvAsKXig>
Subject: Re: [kitten] Opsdir last call review of draft-ietf-kitten-tls-channel-bindings-for-tls13-09
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Oct 2021 13:45:08 -0000
On 15/10/2021 14:41, Sam Whited wrote:
> As I've mentioned before to you, I don't believe it updates this
> document in any way as the statement about unique master secrets in that
> document is still true either way and does not need to be modified. I'm
> not against adding this if others also agree, but I just don't see it.
As RFC 7677 only specifies use of "tls-unique" as
mandatory-to-implement, I agree that it should be updated to point to
your draft.
> Maybe you could propose some text for how you think it updates 7677 or
> where you think a reference to 7677 would be appropriate and that would
> make things more clear?
How about a short new section ("Update to RFC 7677") that contains
something like the following:
As "tls-unique" channel binding is not defined for TLS 1.3 [RFC8446],
when using SCRAM-SHA-256/SCRAM-SHA-256-PLUS over TLS 1.3, the
"tls-exporter" channel binding [tls-1.3-channel-binding] MUST be the
default channel binding (in the sense specified in Section 6.1 of
[RFC5802]) to use. Note that this document doesn't change the default
channel binding to use for SCRAM-SHA-256/SCRAM-SHA-256-PLUS over TLS 1.2
[RFC5246], which is still "tls-unique".
Best Regards,
Alexey
> —Sam
>
> On Thu, Oct 14, 2021, at 18:12, Ludovic BOCQUET wrote:
>> It is possible to add in "Updates": 7677?
>>
>> In the text too?
>>
>> And at the bottom:
>>
>> [RFC7677] Tony Hansen, "SCRAM-SHA-256 and SCRAM-SHA-256-
>> PLUS Simple Authentication and Security Layer (SASL)
>> Mechanisms", RFC7677, DOI 10.17487/RFC7677, November
>> 2015, <https://www.rfc-editor.org/info/rfc7677>.
>>
>> Thanks in advance.
- [kitten] Opsdir last call review of draft-ietf-ki… Niclas Comstedt via Datatracker
- Re: [kitten] Opsdir last call review of draft-iet… Ludovic BOCQUET
- Re: [kitten] Opsdir last call review of draft-iet… Sam Whited
- Re: [kitten] Opsdir last call review of draft-iet… Alexey Melnikov
- Re: [kitten] Opsdir last call review of draft-iet… Sam Whited
- Re: [kitten] Opsdir last call review of draft-iet… Alexey Melnikov
- Re: [kitten] Opsdir last call review of draft-iet… Sam Whited