Re: [kitten] draft-ietf-kitten-pkinit-freshness-01.txt

Benjamin Kaduk <kaduk@MIT.EDU> Tue, 11 August 2015 03:32 UTC

Date: Mon, 10 Aug 2015 23:32:49 -0400
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Michiko Short <michikos@microsoft.com>
In-Reply-To: <BLUPR03MB2130CF578F643B49893E822D08E0@BLUPR03MB213.namprd03.prod.outlook.com>
Message-ID: <alpine.GSO.1.10.1508102331200.22210@multics.mit.edu>
References: <BL2PR03MB212C650A42B863B9891422CD0A40@BL2PR03MB212.namprd03.prod.outlook.com> <alpine.GSO.1.10.1506241735330.22210@multics.mit.edu> <BLUPR03MB2130CF578F643B49893E822D08E0@BLUPR03MB213.namprd03.prod.outlook.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/GljczT5-x9AVX47nn8FP3wjuMLE>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] draft-ietf-kitten-pkinit-freshness-01.txt

Hi Michiko,

Thanks for the reminder, and sorry for the long delays (I've been busy
moving).  I'll get a WGLC started soon.

-Ben

On Mon, 27 Jul 2015, Michiko Short wrote:

> Following up since it would be great to get an IANA number.
>
> -----Original Message-----
> From: Benjamin Kaduk [mailto:kaduk@MIT.EDU]
> Sent: Wednesday, June 24, 2015 2:45 PM
> To: Michiko Short <michikos@microsoft.com>
> Cc: kitten@ietf.org
> Subject: Re: draft-ietf-kitten-pkinit-freshness-01.txt
>
> On Fri, 19 Jun 2015, Michiko Short wrote:
>
> > I believe we have answered Ben's question about client requesting the
> > new feature. Ben, can you confirm?
>
> Sorry for the delay; it took me longer than I expected to reconstruct the history of the discussion.
>
> For the curious: I raised the question in http://www.ietf.org/mail-archive/web/kitten/current/msg05630.html of whether we are okay requiring all clients implementing freshness token support to implement the behavior of sending an empty PA_AS_FRESHNESS padata in order to request a freshness token.  Michiko acknowledged this in http://www.ietf.org/mail-archive/web/kitten/current/msg05645.html and also mentioned two other options for ways for clients to get freshness tokens, though I don't think either got much discussion.  (As described, neither seems particularly appealing, so that seems fine.)
>
> There was some follow-up discussion starting at http://www.ietf.org/mail-archive/web/kitten/current/msg05665.html , where Sam and Greg seem to agree that the proposed behavior (requiring the clients to explicitly request a freshness token) is acceptable, with varying degrees of enthusiasm.  There is still disagreement about whether this sort of negotiation is required, but it seems clear that it is permitted, and no one is raising blocking objections.
>
> > If so, then I would like to see if we can put this in the queue for WGLC.
>
> I agree.  I was hoping to get out a poll on what potential new work the WG is interested in undertaking (and in what order) before starting the next WGLC, but that seems to be taking much longer than I expected.  Stay tuned for more...
>
> -Ben
>
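The quoted discussion turns on one mechanism: a client that supports freshness tokens asks for one by sending a PA_AS_FRESHNESS padata element with an empty value, and the KDC answers with a token that the client then carries in its real request. The following Python model is an added illustration written for this page; it is not code from the draft, from MIT Kerberos, or from anyone in the thread. It assumes a placeholder padata type value (draft-01 had no IANA-assigned number yet, which is what the thread is asking about), models the KDC's answer as a KRB-ERROR carrying the token in the usual pre-authentication round trip, and uses an HMAC-over-timestamp token format that is purely this example's choice; the draft leaves the token opaque to the client and its format up to the KDC.

```python
"""Model of the PKINIT freshness-token request/response (added example).

Both sides of the exchange are shown: a client that opts in by sending an
empty PA_AS_FRESHNESS padata value, and a KDC that only issues a token when
asked, then checks the echoed token for integrity and age.
"""
import hashlib
import hmac
import os
import struct
import time

# Placeholder: draft-01 had no IANA-assigned padata type number yet.
PA_AS_FRESHNESS = -1

# Assumed KDC policy: how old an issued token may be when it comes back.
FRESHNESS_WINDOW_SECONDS = 300

_TS_LEN, _NONCE_LEN, _MAC_LEN = 8, 8, 32


class KDC:
    """Issues and verifies freshness tokens; the token format is this example's choice."""

    def __init__(self, key=None):
        # Secret known only to the KDC, so a client cannot mint its own token.
        self.key = key or os.urandom(32)

    def issue_token(self, now=None):
        ts = int(time.time() if now is None else now)
        body = struct.pack(">Q", ts) + os.urandom(_NONCE_LEN)
        mac = hmac.new(self.key, body, hashlib.sha256).digest()
        return body + mac

    def verify_token(self, token, now=None):
        """True only if the MAC checks out and the token is inside the window."""
        if len(token) != _TS_LEN + _NONCE_LEN + _MAC_LEN:
            return False
        body, mac = token[:_TS_LEN + _NONCE_LEN], token[_TS_LEN + _NONCE_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return False
        issued = struct.unpack(">Q", body[:_TS_LEN])[0]
        current = int(time.time() if now is None else now)
        return 0 <= current - issued <= FRESHNESS_WINDOW_SECONDS

    def handle_as_req(self, padata, now=None):
        """padata maps padata-type -> value.  Returns (message kind, body)."""
        if PA_AS_FRESHNESS not in padata:
            # Legacy client: it never asked for a token, so none is required.
            return ("AS-REP", {"fresh": False})
        token = padata[PA_AS_FRESHNESS]
        if token == b"":
            # Empty value is the explicit request for a freshness token.
            return ("KRB-ERROR", {PA_AS_FRESHNESS: self.issue_token(now)})
        if not self.verify_token(token, now):
            return ("KRB-ERROR", {"reason": "stale or forged freshness token"})
        return ("AS-REP", {"fresh": True})


def client_exchange(kdc, want_freshness=True, now=None):
    """Run the client side: optionally request a token, then echo it back."""
    padata = {PA_AS_FRESHNESS: b""} if want_freshness else {}
    kind, body = kdc.handle_as_req(padata, now)
    if kind == "KRB-ERROR" and PA_AS_FRESHNESS in body:
        # KDC answered our empty padata with a token; resend with it attached.
        kind, body = kdc.handle_as_req({PA_AS_FRESHNESS: body[PA_AS_FRESHNESS]}, now)
    return kind, body


if __name__ == "__main__":
    kdc = KDC()
    print(client_exchange(kdc, want_freshness=True))   # ('AS-REP', {'fresh': True})
    print(client_exchange(kdc, want_freshness=False))  # ('AS-REP', {'fresh': False})
```

The point the thread settles on is visible in `handle_as_req`: a client that never sends PA_AS_FRESHNESS is served exactly as before, so the opt-in costs legacy clients nothing, while a client that does opt in gets a token bound to the KDC's secret and clock, which is what lets the KDC reject a replayed pre-authentication later.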