Re: [kitten] Request for feedback: draft-wibrown-ldapssotoken
William Brown <wibrown@redhat.com> Tue, 06 September 2016 02:22 UTC
Return-Path: <wibrown@redhat.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC2D412B092 for <kitten@ietfa.amsl.com>; Mon, 5 Sep 2016 19:22:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.41
X-Spam-Level:
X-Spam-Status: No, score=-8.41 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-1.508, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cpp7hPOCnLX7 for <kitten@ietfa.amsl.com>; Mon, 5 Sep 2016 19:22:30 -0700 (PDT)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55778128E19 for <kitten@ietf.org>; Mon, 5 Sep 2016 19:22:30 -0700 (PDT)
Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id F02C361E47; Tue, 6 Sep 2016 02:22:14 +0000 (UTC)
Received: from rei.prd.blackhats.net.au (ovpn-116-7.phx2.redhat.com [10.3.116.7]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u862MCJR018754 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 5 Sep 2016 22:22:14 -0400
Message-ID: <1473128531.15290.4.camel@redhat.com>
From: William Brown <wibrown@redhat.com>
To: Luke Howard <lukeh@padl.com>
Date: Tue, 06 Sep 2016 12:22:11 +1000
In-Reply-To: <900064F9-C173-49DE-9973-F7CE6A3762EE@padl.com>
References: <1473028515.26123.44.camel@redhat.com> <900064F9-C173-49DE-9973-F7CE6A3762EE@padl.com>
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-cR7Q3lHvC3gXNORUzYAr"
Mime-Version: 1.0
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Tue, 06 Sep 2016 02:22:15 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/JhZVC4_BWbB5m9ZbBq7fdn6uduw>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] Request for feedback: draft-wibrown-ldapssotoken
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Sep 2016 02:22:32 -0000
On Mon, 2016-09-05 at 11:31 +1000, Luke Howard wrote: > Hi William, > > It would be worth mentioning in a Security Considerations section that this protocol (like all bearer tokens) is vulnerable to replay attacks. > Thank you, this is a excellent point. I have added this section and updated the draft. https://tools.ietf.org/html/draft-wibrown-ldapssotoken-01 -- Sincerely, William Brown Software Engineer Red Hat, Brisbane
- [kitten] Request for feedback: draft-wibrown-ldap… William Brown
- Re: [kitten] Request for feedback: draft-wibrown-… Luke Howard
- Re: [kitten] Request for feedback: draft-wibrown-… William Brown
- Re: [kitten] Request for feedback: draft-wibrown-… William Brown