IETF Logo Mail Archive

[saag] draft-farrell-decade-ni-09

Hannes Tschofenig <hannes.tschofenig@gmx.net> Sun, 15 July 2012 10:02 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0B5721F8600 for <saag@ietfa.amsl.com>; Sun, 15 Jul 2012 03:02:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.63
X-Spam-Level:
X-Spam-Status: No, score=-102.63 tagged_above=-999 required=5 tests=[AWL=-0.031, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D0BlkWFfp3NT for <saag@ietfa.amsl.com>; Sun, 15 Jul 2012 03:02:38 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.23]) by ietfa.amsl.com (Postfix) with SMTP id 87E3321F85F9 for <saag@ietf.org>; Sun, 15 Jul 2012 03:02:37 -0700 (PDT)
Received: (qmail invoked by alias); 15 Jul 2012 10:03:17 -0000
Received: from a88-115-216-191.elisa-laajakaista.fi (EHLO [192.168.100.106]) [88.115.216.191] by mail.gmx.net (mp027) with SMTP; 15 Jul 2012 12:03:17 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1/e0Mo7SPTekFLqcHCB4OxsyjeetP7baVr6BHH2Q+ 3vJbJq2mQuXWYQ
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Sun, 15 Jul 2012 13:03:16 +0300
Message-Id: <36712B13-7409-484B-8A86-85AE8A5CB23A@gmx.net>
To: saag@ietf.org
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Subject: [saag] draft-farrell-decade-ni-09
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jul 2012 10:02:38 -0000

Hi all, 

I don't really know what the right place is to discuss this document. Hence, I trying the saag mailing list. 

I read through the document and my impression is that it tries to accomplish a little bit too too much. 

As a high level comment you cannot make an assumption about what information is hashed. Another specification is needed to explain the semantic and these other documents exist. For example, I had asked on the TLS mailing list whether we should use this document to convey fingerprints of raw public keys (which come in form of a SubjectPublicKeyInfo in our case). 

This has an impact on the security consideration section, the hash algorithm registry, and various statements made in the document. 

For example, the statement that "... the hash SHOULD be calculated over the public key in an X.509 SubjectPublicKeyInfo structure..." isn't really useful when the document aims to provide hashes of all sorts of objects and some might not even be X.509 certificates at all. 

The encoding of the URI also seems a bit strange. It seems that you have started with the Web use case and then though "Cool. This could be useful in other protocols as well.". But the problem is that other protocols have their own encoding. For example, in the TLS out-of-band validation mechanism there is no internationalization issue nor a need to do a base64 encoding. The binary encoding falls into that category as well.  

The .well-known seems to me pretty unrelated to this specification and may have sneaked into the document as part of the Web use case. 

The security consideration is a collection of random thoughts. I have difficulty understanding what is being said there. There are in general two problems to come up with a meaningful text. The first problem is related to the generic nature of your document: it makes a difference what you hash. To pick the TLS oob validation document again there we have a hash of the public key. In other cases you are talking about hashing some file or other objects. Then, the second problem is that you do not know what is done with the hash as part of the overall protocol interaction of the application that is using your URI scheme. So, in the TLS oob validation draft the hash of the public key is associated with the public key cached from an earlier exchange and is also linked to the private key that is then used in the TLS handshake. In other applications the hash just be used to point to some state information that is retrieved. 

In a nutshell, there is room to simplify the document. 

Ciao
Hannes

PS: I am not sure what you are trying to accomplish with the Content Type Query String.

v2.23.0 | Report a Bug | By Email