Re: [kitten] Gen-art LC review: draft-ietf-kitten-rfc6112bis-02

Benjamin Kaduk <kaduk@MIT.EDU> Tue, 25 October 2016 01:51 UTC

Date: Mon, 24 Oct 2016 21:51:39 -0400 (EDT)
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Shawn M Emery <shawn.emery@oracle.com>
In-Reply-To: <474b703b-983b-419e-9493-9eba128040a5@oracle.com>
Message-ID: <alpine.GSO.1.10.1610242150080.5272@multics.mit.edu>
References: <023b4b96-77ef-a78e-3546-4d05f339d5e0@nostrum.com> <alpine.GSO.1.10.1610231420240.5272@multics.mit.edu> <474b703b-983b-419e-9493-9eba128040a5@oracle.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/thu0U4Lfjd1Myv5tWnIqE8tVVZw>
Cc: kitten@ietf.org, General Area Review Team <gen-art@ietf.org>, draft-ietf-kitten-rfc6112bis.all@ietf.org, ietf@ietf.org, Robert Sparks <rjsparks@nostrum.com>

On Mon, 24 Oct 2016, Shawn M Emery wrote:

>
> Agreed; however, I noticed another area that could use better 2119 language in
> regards to this.  Here are the proposed updates:
>
> OLD:
> Care MUST be taken by the KDC not to reveal the client's identity in the
> authorization data of the returned ticket when populating the authorization
> data in a returned anonymous ticket.
> NEW:
> The KDC MUST NOT reveal the client's identity in the authorization data of the
> returned ticket when populating the authorization data in a returned anonymous
> ticket.
>
> OLD:
> Care MUST be taken by the TGS not to reveal the client's identity in the
> authorization data of the returned ticket.
> NEW:
> The TGS MUST NOT reveal the client's identity in the authorization data of the
> returned ticket.

Those do look like parallel constructions that should get the same
treatment.  Thanks for spotting it.

-Ben