[lemonade] Re: Comments on draft-ietf-lemonade-urlauth-07.txt
Randall Gellens <randy@qualcomm.com> Tue, 09 August 2005 22:16 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E2cOA-00079i-JR; Tue, 09 Aug 2005 18:16:02 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E2cO9-00078U-Pk; Tue, 09 Aug 2005 18:16:01 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA18531; Tue, 9 Aug 2005 18:15:58 -0400 (EDT)
Received: from warlock.qualcomm.com ([129.46.50.49]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1E2cw6-0000ag-SE; Tue, 09 Aug 2005 18:51:09 -0400
Received: from [192.168.1.13] (vpn-10-50-0-75.qualcomm.com [10.50.0.75]) by warlock.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id j79MFfoZ005946; Tue, 9 Aug 2005 15:15:42 -0700 (PDT)
Mime-Version: 1.0
Message-Id: <p07000c0cbf1ed94319e8@[192.168.1.13]>
In-Reply-To: <Pine.OSX.4.63.0508050254260.477@pangtzu.panda.com>
References: <p07000c03bf127ddcfd5c@[192.168.1.13]> <Pine.OSX.4.63.0508050254260.477@pangtzu.panda.com>
X-Mailer: Eudora for Mac OS X v7.0a
X-message-flag: Using Outlook? Upgrade to Eudora: <http://www.eudora.com>
Date: Tue, 09 Aug 2005 15:12:16 -0700
To: Mark Crispin <mrc@CAC.Washington.EDU>
From: Randall Gellens <randy@qualcomm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Random-Sig-Tag: 1.0b28
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 4b800b1eab964a31702fa68f1ff0e955
Cc: Lemonade <lemonade@ietf.org>, iesg@ietf.org
Subject: [lemonade] Re: Comments on draft-ietf-lemonade-urlauth-07.txt
X-BeenThere: lemonade@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Enhancements to Internet email to support diverse service enivronments <lemonade.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/lemonade>, <mailto:lemonade-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:lemonade@ietf.org>
List-Help: <mailto:lemonade-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/lemonade>, <mailto:lemonade-request@ietf.org?subject=subscribe>
Sender: lemonade-bounces@ietf.org
Errors-To: lemonade-bounces@ietf.org
At 3:07 AM -0700 8/5/05, Mark Crispin wrote: > It's 3AM here, so please forgive me if I have a brain fart. > > On Fri, 5 Aug 2005, Randall Gellens wrote: >> Technical: >> >> Section 3, lines 239-241: "Use of either of these access >> identifiers makes it impossible for an attacker, spying on the >> session, to use the same URL, either directly or by submission to a >> message submission entity." >> >> The "impossible" depends on the attacker being able to capture the >> session, but not be able to use the same submission server or to >> capture the user's authentication credentials (for either the IMAP >> or submit services). While this seems very obvious, and perhaps >> not worth saying, it does mean, for example, that an attacker who >> shares the same submission server can reuse a URLAUTH protected by >> "submit+", > > I don't see how, given the semantics of submit+<userid>, which > requires that "only a userid authorized as a message submission > entity on behalf of the specified userid is permitted to use this > URL. Normally, this will be the current authorization userid on > the submission server. > > So the attacker must not merely share the same submision server; > the attacker must be able to authorize as that userid on the > submission server in order to reuse a URL protected by "submit+". This comment was a minor one, since I don't think it affects the security considerations either way. Likely I'm the one confused, but if user B captures a urlauth URL for user A, and shares the same servers, then B can submit a new message using the same urlauth URL, right? If they don't share the same servers (both submission and IMAP), then this won't work. Also, if B can capture the message submission of A, then B can directly capture data not referenced by a URL, and this is a threat regardless of the use of urlauth or not. > > I don't think that I need to answer your other comments; the > desired document action in each case all seems to be obvious. I agree, the bulk of my comments were requests for minor wording tweaks or typo corrections. > Please let me know if you feel that you need feedback, since > otherwise I intend to do the seemingly obvious when preparing it > for an RFC. No need to respond to each of my comments individually. > If I'm not mistaken, this document has finished WGLC and is > awaiting IESG action, correct? If it's still in WGLC, I wouldn't > mind issuing a new I-D with your action items addressed. My understanding is it has passed WGLC. I anticipated that my comments would get addressed with IETF Last Call or IESG comments, if any; if there are none then AUTH48 will do. -- Randall Gellens Opinions are personal; facts are suspect; I speak for myself only -------------- Randomly-selected tag: --------------- There's only one corner of the universe you can be certain of improving that's your own self. --Aldous Huxley _______________________________________________ lemonade mailing list lemonade@ietf.org https://www1.ietf.org/mailman/listinfo/lemonade
- [lemonade] Comments on draft-ietf-lemonade-urlaut… Randall Gellens
- [lemonade] Re: Comments on draft-ietf-lemonade-ur… Mark Crispin
- RE: [lemonade] Re: Comments on draft-ietf-lemonad… Eric Burger
- RE: [lemonade] Re: Comments on draft-ietf-lemonad… Mark Crispin
- [lemonade] Re: Comments on draft-ietf-lemonade-ur… Randall Gellens
- [lemonade] Re: Comments on draft-ietf-lemonade-ur… Mark Crispin
- [lemonade] Re: Comments on draft-ietf-lemonade-ur… Randall Gellens