[kitten] Jari Arkko's Discuss on draft-ietf-kitten-pkinit-freshness-07: (with DISCUSS and COMMENT)
"Jari Arkko" <jari.arkko@piuha.net> Thu, 01 December 2016 09:29 UTC
From: Jari Arkko <jari.arkko@piuha.net>
To: The IESG <iesg@ietf.org>
Message-ID: <148058454371.10318.13833993922629313553.idtracker@ietfa.amsl.com>
Date: Thu, 01 Dec 2016 01:29:03 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/EL47kcmkVqb7s0M-_Ab20ndVeRw>
Cc: mrogers@redhat.com, kitten@ietf.org, kitten-chairs@ietf.org, housley@vigilsec.com, draft-ietf-kitten-pkinit-freshness@ietf.org
Jari Arkko has entered the following ballot position for
draft-ietf-kitten-pkinit-freshness-07: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-kitten-pkinit-freshness/

----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

I am concerned about the issue that Russ Housley raised in his Gen-ART
review: bad practices in creating the freshness tokens create a security
issue. If this cannot be handled in the way that Russ initially suggested
(setting a minimum number of bits), then a proper discussion of the issue
and recommendations to avoid the problems need to be included in the
security considerations section.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Other issues from Russ' Gen-ART review should also be addressed
(editorial ones + possible max size).
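The point of the DISCUSS is that a freshness token built carelessly can be guessed before the KDC issues it, which lets an attacker pre-sign a request and defeats the purpose of the token. The code below is an added example for this archive page, not code from the draft, from the Gen-ART review, or from any Kerberos implementation. It puts a predictable-counter token (the anti-pattern) beside a construction that enforces the two knobs the ballot mentions: a minimum number of random bits and a maximum accepted token size. The token layout (issue time, random nonce, HMAC under a KDC-only key), the key handling, the 300-second lifetime and the specific limits are assumptions chosen for illustration; they are one possible construction, not anything the draft prescribes.

```python
"""Illustrative freshness-token generation and checking for a PKINIT-style KDC.

Added example, not from the draft, the Gen-ART review, or any Kerberos code.
Layout, key handling, lifetime and size limits are assumptions made here to
show why a floor on random bits and a ceiling on token size matter.
"""
import hashlib
import hmac
import secrets
import struct
import time

MIN_RANDOM_BITS = 128     # assumed policy floor on unpredictable bits
MAX_TOKEN_BYTES = 64      # assumed ceiling on tokens accepted back from a client
TOKEN_LIFETIME_S = 300    # assumed validity window, in seconds
TAG_LEN = hashlib.sha256().digest_size


class WeakFreshnessKdc:
    """Anti-pattern: the token is a bare 32-bit counter. Anyone who has seen
    one token can compute every later one, so an attacker can sign a request
    for a token the KDC has not issued yet."""

    def __init__(self):
        self.counter = 0

    def issue(self):
        self.counter += 1
        return struct.pack(">I", self.counter)

    @staticmethod
    def predict_next(seen_token):
        """What an observer of one token can compute for the next one."""
        (n,) = struct.unpack(">I", seen_token)
        return struct.pack(">I", n + 1)


class FreshnessKdc:
    """Token = 8-byte issue time || nonce of >= MIN_RANDOM_BITS ||
    HMAC-SHA256 over both under a KDC-only key. The client cannot predict
    the nonce, and the KDC can check age and integrity without keeping
    per-token state."""

    def __init__(self, key, random_bits=MIN_RANDOM_BITS, now=time.time):
        if random_bits < MIN_RANDOM_BITS:
            raise ValueError("freshness token needs >= %d random bits" % MIN_RANDOM_BITS)
        if random_bits % 8:
            raise ValueError("random_bits must be a multiple of 8")
        self.nonce_len = random_bits // 8
        self.token_len = 8 + self.nonce_len + TAG_LEN
        if self.token_len > MAX_TOKEN_BYTES:
            raise ValueError("token would exceed MAX_TOKEN_BYTES")
        self.key = key
        self.now = now            # injectable clock so tests can age tokens

    def _tag(self, body):
        return hmac.new(self.key, body, hashlib.sha256).digest()

    def issue(self):
        body = struct.pack(">Q", int(self.now())) + secrets.token_bytes(self.nonce_len)
        return body + self._tag(body)

    def verify(self, token):
        """Return (ok, reason). Size is checked before any MAC work so an
        oversized token is rejected without doing crypto on it."""
        if len(token) > MAX_TOKEN_BYTES:
            return False, "oversized"
        if len(token) != self.token_len:
            return False, "bad length"
        body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(body)):
            return False, "bad mac"
        (issued,) = struct.unpack(">Q", body[:8])
        age = self.now() - issued
        if age < 0 or age > TOKEN_LIFETIME_S:
            return False, "expired"
        return True, "ok"


def demo():
    """Weak token predicted by an observer; hardened token verifies and
    rejects a one-bit tamper."""
    weak = WeakFreshnessKdc()
    first = weak.issue()
    predicted = WeakFreshnessKdc.predict_next(first) == weak.issue()

    kdc = FreshnessKdc(secrets.token_bytes(32))
    tok = kdc.issue()
    tampered = tok[:-1] + bytes([tok[-1] ^ 1])
    return predicted, kdc.verify(tok), kdc.verify(tampered)
```

`verify` returns a reason string alongside the boolean so a KDC can log why a token was refused; the length checks run first so that the "possible max size" concern from the COMMENT is handled before any key material is touched.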