Re: [kitten] AD review of draft-ietf-kitten-sasl-saml-ec-19

"Cantor, Scott" <cantor.2@osu.edu> Thu, 03 September 2020 13:53 UTC

From: "Cantor, Scott" <cantor.2@osu.edu>
To: Benjamin Kaduk <kaduk@mit.edu>, "draft-ietf-kitten-sasl-saml-ec@ietf.org" <draft-ietf-kitten-sasl-saml-ec@ietf.org>
CC: "kitten@ietf.org" <kitten@ietf.org>
Date: Thu, 03 Sep 2020 13:53:19 +0000
Message-ID: <D5CD96B0-CC1C-4788-8479-EF77EB1B4263@osu.edu>
References: <20200902230243.GH16914@kduck.mit.edu>
In-Reply-To: <20200902230243.GH16914@kduck.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/E1Z7qfreDC2YpYZ5Mf4bzWqa-88>

While I appreciate the detailed review, mostly for my own educational purposes, I simply don't have anything close to the cycles it would take to redo the document to such a degree. Nobody is funding me to work on it, and events have long since overtaken it.

I was hoping that it was more or less close to workable, and it's a vast improvement over the clearly-broken SAML and OAuth mechanisms that got rubber-stamped a long while back. That mistake is frankly what really motivated me at the time to work on it, but that was many years ago now.

Scott Cantor
cantor.2@osu.edu
Enterprise Security
The Ohio State University