Re: [saag] Additions to RFC 3631?
Nico Williams <nico@cryptonector.com> Mon, 21 May 2012 18:07 UTC
To: Steven Bellovin <smb@cs.columbia.edu>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, IETF Security Area Advisory Group <saag@ietf.org>
On Mon, May 21, 2012 at 12:59 PM, Steven Bellovin <smb@cs.columbia.edu> wrote:
> On May 21, 2012, at 1:06 49PM, Nico Williams wrote:
>> On Mon, May 21, 2012 at 11:42 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
>>> +1 to adding EAP as a mechanism.
>>>
>>> +/-0 to adding channel bindings, given how few people understand them.
>>
>> Either it's important/useful or not. If it is then having some text
>> in this RFC would help those people who don't understand CB.
>>
> I agree. But is it important/useful?

Given that MSFT has implemented and deployed it I think it's at least useful.

I do think CB is important -- certainly as a protocol design/analysis tool. I also think it should be used more often. You'd think I would think that, given that I'm the author of RFC5056, but I like to think that I'm objective enough on this topic... enough so that I can tell you what the biggest problem with CB is: the fact that it's one more thing that the application developer has to know about and do. It'd be nice if more of the protocol stack up to and including application-layer authentication (where there is the option to do that) were abstracted.

Still, CB is relatively simple: extract the CB from the channel, feed it to authentication.

Nico
--
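
An added illustration of "extract the CB from the channel, feed it to authentication" (not part of the original message). The Channel class, the HMAC-based authenticator and all function names are assumptions made for this example, and the channel is simulated rather than a real TLS connection. It shows that an authenticator bound to the channel only verifies when client and server are the two ends of the same channel.

```python
import hashlib
import hmac
import os


class Channel:
    """Simulated secure channel; both ends of one channel see the same binding."""
    def __init__(self):
        # Constructed value. A real application asks its TLS stack, e.g.
        # ssl.SSLSocket.get_channel_binding("tls-unique") in Python.
        self.binding = os.urandom(32)


def client_proof(key, nonce, cb):
    """Authenticator: MAC over the server's nonce and the channel binding."""
    return hmac.new(key, b"auth|" + nonce + b"|" + cb, hashlib.sha256).digest()


def server_verify(key, nonce, proof, channel, use_cb=True):
    """Server recomputes the MAC with the binding of the channel *it* sees."""
    cb = channel.binding if use_cb else b""
    return hmac.compare_digest(proof, client_proof(key, nonce, cb))


def direct_login(key, use_cb=True):
    """Client and server are the two ends of the same channel."""
    ch = Channel()
    nonce = os.urandom(16)
    cb = ch.binding if use_cb else b""
    return server_verify(key, nonce, client_proof(key, nonce, cb), ch, use_cb)


def relayed_login(key, use_cb=True):
    """The client's channel ends at an intermediary, which forwards the
    authentication messages unchanged over a second channel to the server."""
    client_side, server_side = Channel(), Channel()
    nonce = os.urandom(16)
    cb = client_side.binding if use_cb else b""
    proof = client_proof(key, nonce, cb)
    return server_verify(key, nonce, proof, server_side, use_cb)


if __name__ == "__main__":
    key = os.urandom(32)  # constructed shared secret
    print("direct, with CB:   ", direct_login(key))
    print("relayed, with CB:  ", relayed_login(key))
    print("relayed, without CB:", relayed_login(key, use_cb=False))
```

Without the binding, the server cannot distinguish the relayed exchange from the direct one; with it, the mismatch between the two channels makes verification fail.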