Re: [kitten] I-D Action: draft-ietf-kitten-pkinit-freshness-01.txt

Michiko Short <michikos@microsoft.com> Fri, 13 March 2015 18:56 UTC

From: Michiko Short <michikos@microsoft.com>
To: Sam Hartman <hartmans-ietf@mit.edu>
Thread-Topic: [kitten] I-D Action: draft-ietf-kitten-pkinit-freshness-01.txt
Thread-Index: AQHQXZiJ07vPZrskK0qMbSTckV74FZ0an2mggAAi1zA=
Date: Fri, 13 Mar 2015 18:55:45 +0000
Message-ID: <BL2PR03MB2127227DDC7941010BC26A6D0070@BL2PR03MB212.namprd03.prod.outlook.com>
References: <20150307024328.31740.75123.idtracker@ietfa.amsl.com> <alpine.GSO.1.10.1503111348200.3953@multics.mit.edu> <alpine.GSO.1.10.1503111405000.3953@multics.mit.edu> <5500AD51.5030902@mit.edu> <alpine.GSO.1.10.1503111725490.3953@multics.mit.edu> <BL2PR03MB2124E0360819B3162C9E48DD0060@BL2PR03MB212.namprd03.prod.outlook.com> <tsl38590yn0.fsf@mit.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/oqCHpcEVoE27kTUk9FXiCs8ttro>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] I-D Action: draft-ietf-kitten-pkinit-freshness-01.txt
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>

Once the tool reopens, I will submit the version without the client request behavior.

[Michiko Short] Creating a freshness token will be a crypto hit on the KDC, so sending freshness tokens to clients who will never use them will negatively impact KDC performance with no gains. If the PKInit client does not explicitly ask for the token, then clients using password authentication will also have freshness tokens generated and sent to them.
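The trade-off in the reply above, modelled as an added example that is not code from the draft, from Microsoft, or from any Kerberos implementation: a toy KDC that mints a keyed, timestamped freshness token only when the AS-REQ carries an explicit request padata, so password-authenticating clients never trigger the MAC computation. The padata type number `PA_FRESHNESS_REQUEST`, the class and function names, and the token layout (timestamp, nonce, HMAC-SHA256 tag) are assumptions for illustration, not identifiers from the draft; the request counts in the demo are constructed.

```python
"""Toy KDC-side model of opt-in freshness tokens (added example).

The names below are illustrative assumptions, not the draft's identifiers.
The token is opaque to the client: the KDC keys the MAC with its own secret,
so only the KDC can mint or verify one.
"""
import hashlib
import hmac
import os
import struct
import time

# Placeholder padata type number; the real value is assigned by the draft/IANA.
PA_FRESHNESS_REQUEST = 9999

TS_LEN, NONCE_LEN, TAG_LEN = 8, 16, 32


class FreshnessTokenIssuer:
    """Mints and verifies freshness tokens with a KDC-only key."""

    def __init__(self, kdc_key: bytes, max_age_s: int = 120, now=time.time):
        self._key = kdc_key
        self.max_age_s = max_age_s
        self._now = now            # injectable clock so expiry can be tested
        self.tokens_minted = 0     # counts the per-request "crypto hit"

    def mint(self) -> bytes:
        """token = big-endian timestamp || random nonce || HMAC-SHA256 tag."""
        body = struct.pack(">Q", int(self._now())) + os.urandom(NONCE_LEN)
        tag = hmac.new(self._key, body, hashlib.sha256).digest()
        self.tokens_minted += 1
        return body + tag

    def verify(self, token: bytes) -> bool:
        """True only if the tag is valid and the token is not stale."""
        if len(token) != TS_LEN + NONCE_LEN + TAG_LEN:
            return False
        body, tag = token[:TS_LEN + NONCE_LEN], token[TS_LEN + NONCE_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False
        issued = struct.unpack(">Q", body[:TS_LEN])[0]
        age = self._now() - issued
        return 0 <= age <= self.max_age_s


def handle_as_req(issuer: FreshnessTokenIssuer, padata_types: set) -> dict:
    """KDC decision point: return the padata to include in the reply.

    Only a request that explicitly carries PA_FRESHNESS_REQUEST costs a MAC;
    password clients (no such padata) get no token and no crypto work.
    """
    if PA_FRESHNESS_REQUEST in padata_types:
        return {PA_FRESHNESS_REQUEST: issuer.mint()}
    return {}


def simulate(issuer: FreshnessTokenIssuer, n_password: int, n_pkinit: int) -> int:
    """Constructed load: n_password plain requests, n_pkinit opt-in requests.

    Returns how many tokens the KDC actually minted.
    """
    for _ in range(n_password):
        handle_as_req(issuer, {1, 2})                    # no freshness request
    for _ in range(n_pkinit):
        handle_as_req(issuer, {PA_FRESHNESS_REQUEST})    # explicit opt-in
    return issuer.tokens_minted


if __name__ == "__main__":
    kdc = FreshnessTokenIssuer(os.urandom(32))
    print("tokens minted:", simulate(kdc, n_password=1000, n_pkinit=3))
    tok = handle_as_req(kdc, {PA_FRESHNESS_REQUEST})[PA_FRESHNESS_REQUEST]
    print("fresh token verifies:", kdc.verify(tok))
```

With the opt-in check in `handle_as_req`, the thousand password requests in the demo cost the KDC zero MAC computations; dropping the check would make every one of them mint a token the client never echoes back. `verify` also rejects a token whose tag has been altered or whose timestamp is older than `max_age_s`, which is what makes the token useful as a freshness proof in the first place.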