Re: [regext] Warren Kumari's No Objection on draft-ietf-regext-rdap-object-tag-04: (with COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Tue, 31 July 2018 14:24 UTC

Date: Tue, 31 Jul 2018 09:24:08 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Hollenbeck, Scott" <shollenbeck=40verisign.com@dmarc.ietf.org>
Cc: "'warren@kumari.net'" <warren@kumari.net>, "'iesg@ietf.org'" <iesg@ietf.org>, "'regext-chairs@ietf.org'" <regext-chairs@ietf.org>, "'tim.chown@jisc.ac.uk'" <tim.chown@jisc.ac.uk>, "'regext@ietf.org'" <regext@ietf.org>, "Gould, James" <jgould@verisign.com>, "'draft-ietf-regext-rdap-object-tag@ietf.org'" <draft-ietf-regext-rdap-object-tag@ietf.org>
Message-ID: <20180731142408.GI96369@kduck.kaduk.org>
References: <153296860192.827.8824953027965906564.idtracker@ietfa.amsl.com> <fd7b0f69e9c34ae685034b4a1957ecdd@verisign.com>
In-Reply-To: <fd7b0f69e9c34ae685034b4a1957ecdd@verisign.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/0JNmTVx9UeodNJhe9efOrK4xbAA>

On Tue, Jul 31, 2018 at 11:07:51AM +0000, Hollenbeck, Scott wrote:
> Better? I hesitate to say "The transport used to access the IANA registries SHOULD (or MUST) be over TLS" because that's not something the RDAP client controls - it's controlled by IANA's web server (which, in fact, is currently redirecting http connections to https).

Well, to a large extent it *is* something the RDAP client controls.  If it
starts out with http and waits to be redirected to https, it retains all
the security vulnerabilities of unencrypted http, including the ability for
an attacker to inject traffic with a fake reply, redirect to an
attacker-controlled server, etc.  An RDAP client that insists on TLS (to
IANA) and performs certificate verification is assured of either getting
validated data from IANA or a connection failure.  Perhaps that's not
always the best desired behavior, but it seems like it would be desired
almost all of the time (hence, SHOULD).

-Benjamin
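The client behaviour Benjamin describes, as an added example that is not part of this thread or the draft: a small Python RDAP client helper that fetches an IANA registry only over TLS with certificate verification and refuses any redirect that leaves https, so the outcome is either validated data or a connection failure. The registry URL and the function names are assumptions for illustration.

```python
import ssl
import urllib.request
from urllib.error import HTTPError
from urllib.parse import urlparse

# Assumed bootstrap registry URL; the thread does not quote the draft's registry location.
DEFAULT_REGISTRY = "https://data.iana.org/rdap/dns.json"


def check_registry_url(url):
    """True only for an https URL with a host. An http registry URL is rejected
    before any socket is opened, so no cleartext request (and so no window for
    a faked reply or a redirect to another server) ever happens."""
    parts = urlparse(url)
    return parts.scheme == "https" and bool(parts.netloc)


def next_hop(newurl):
    """Accept a redirect target only if it keeps the connection on TLS."""
    if urlparse(newurl).scheme != "https":
        raise ValueError("refusing redirect off TLS: %r" % newurl)
    return newurl


class HttpsOnlyRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Follows 3xx redirects, but never one that leaves https."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        try:
            target = next_hop(newurl)
        except ValueError as exc:
            raise HTTPError(newurl, code, str(exc), headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, target)


def build_opener():
    # create_default_context() verifies the certificate chain and the hostname
    # against the system trust store; a failed verification aborts the connection.
    ctx = ssl.create_default_context()
    return urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ctx), HttpsOnlyRedirectHandler())


def fetch_registry(url=DEFAULT_REGISTRY, opener=None, timeout=10):
    """Return the registry bytes from a verified TLS connection, or raise.
    These are the two outcomes in the thread: validated data or a failure."""
    if not check_registry_url(url):
        raise ValueError("registry URL must use https: %r" % url)
    opener = opener or build_opener()
    with opener.open(url, timeout=timeout) as resp:
        return resp.read()
```

A client that instead starts on http and follows the redirect has already sent a cleartext request by the time the https hop is reached; the checks above fail closed before that request is made.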