Re: [saag] New Version Notification for draft-richer-vectors-of-trust-07.txt
Justin Richer <jricher@mit.edu> Sun, 18 March 2018 13:56 UTC
Return-Path: <jricher@mit.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42BCA12711A; Sun, 18 Mar 2018 06:56:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 43SnpxPC76e5; Sun, 18 Mar 2018 06:56:12 -0700 (PDT)
Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu [18.7.68.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6897126C0F; Sun, 18 Mar 2018 06:56:11 -0700 (PDT)
X-AuditID: 12074425-1a5ff7000000167b-8f-5aae6ff7f166
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id 27.A0.05755.8FF6EAA5; Sun, 18 Mar 2018 09:56:09 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id w2IDu3XL032426; Sun, 18 Mar 2018 09:56:05 -0400
Received: from dhcp-90dd.meeting.ietf.org (dhcp-90dd.meeting.ietf.org [31.133.144.221]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w2IDtx1v021360 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 18 Mar 2018 09:56:02 -0400
From: Justin Richer <jricher@mit.edu>
Message-Id: <4E90B3B8-6B2A-4604-92D4-A4BBB2B05E02@mit.edu>
Content-Type: multipart/alternative; boundary="Apple-Mail=_31506C08-41D4-48D4-A8A8-803734C5627A"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Date: Sun, 18 Mar 2018 13:56:15 +0000
In-Reply-To: <EBA69A3C-4984-4BEB-A230-4AA40791895B@sn3rd.com>
Cc: saag@ietf.org, draft-richer-vectors-of-trust@ietf.org
To: Sean Turner <sean@sn3rd.com>
References: <202944E0-CBED-465B-A55F-A6F1BE4E3F10@mit.edu> <EBA69A3C-4984-4BEB-A230-4AA40791895B@sn3rd.com>
X-Mailer: Apple Mail (2.3445.5.20)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrBKsWRmVeSWpSXmKPExsUixG6nrvszf12UwcW32hbH/3WwWEzp72Sy uLKqkdmB2WPJkp9MHgcPMgYwRXHZpKTmZJalFunbJXBltH0+w1xwahdjxampbewNjJcXMHYx cnJICJhINKw4ztzFyMUhJLCYSeJJ13smCGcjo0TPpf2MEM4VJokFKyaCtbAJqEpMX9PCBGLz ClhJzD21ByzOLJAk8eDZXTaIuInE+7cPwWqEBfwkzr2BWMcC1NuzcytYnFPAVuLG2/XsXYwc QL2WEg+WiYCERQQUJJqOPmAFsYUEciV+ND5mgrhUSWL699tsExj5ZyHZNgvJNoi4tsSyha+Z IWxNif3dy1kwxTUkOr9NZF3AyLaKUTYlt0o3NzEzpzg1Wbc4OTEvL7VI10IvN7NELzWldBMj OMhdVHcwzvnrdYhRgINRiYdXomxtlBBrYllxZe4hRkkOJiVR3rub10QJ8SXlp1RmJBZnxBeV 5qQWH2KU4GBWEuE1iFoXJcSbklhZlVqUD5OS5mBREuf1MNGOEhJITyxJzU5NLUgtgsnKcHAo SfDuzQNqFCxKTU+tSMvMKUFIM3FwggznARoumw8yvLggMbc4Mx0if4rRnmPLo5dtzBwHwOSN F6+BZMOmVd3MQix5+XmpUuK8DCBtAiBtGaV5cJNBCUy+dcLdV4ziQI8K8yqAVPEAkx/c7FdA a5mA1vosXQOytiQRISXVwLj4z/vyw75PfG8XfhG0dDku1HnyB8sy+RNv7dJe1m15USzK2nBq gcb118KtHbziOj7XxVgL1rIGrQ/fKfatMIBj6/Wm3odLzZM70leubv5rPfGwUVFnXP1xm8a5 h9PLkksWHbe0OVOiG3h6v+IG5upvJlOv9F88qPLCZylTzA/5tun3p7l1TVBiKc5INNRiLipO BABzyc64OwMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/FbUfyaHY7WV10kH1KRj5RJxAtzQ>
Subject: Re: [saag] New Version Notification for draft-richer-vectors-of-trust-07.txt
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Mar 2018 13:56:15 -0000
Hi everyone, I’ve uploaded a new version of Vectors of Trust that addresses all of Sean’s comments. Name: draft-richer-vectors-of-trust Revision: 08 Title: Vectors of Trust Document date: 2018-03-18 Group: Individual Submission Pages: 23 URL: https://www.ietf.org/internet-drafts/draft-richer-vectors-of-trust-08.txt <https://www.ietf.org/internet-drafts/draft-richer-vectors-of-trust-08.txt> Status: https://datatracker.ietf.org/doc/draft-richer-vectors-of-trust/ <https://datatracker.ietf.org/doc/draft-richer-vectors-of-trust/> Htmlized: https://tools.ietf.org/html/draft-richer-vectors-of-trust-08 <https://tools.ietf.org/html/draft-richer-vectors-of-trust-08> Htmlized: https://datatracker.ietf.org/doc/html/draft-richer-vectors-of-trust <https://datatracker.ietf.org/doc/html/draft-richer-vectors-of-trust> Diff: https://www.ietf.org/rfcdiff?url2=draft-richer-vectors-of-trust-08 <https://www.ietf.org/rfcdiff?url2=draft-richer-vectors-of-trust-08> — Justin > On Mar 12, 2018, at 7:11 PM, Sean Turner <sean@sn3rd.com> wrote: > > Messages related to draft-richer-vectors-of-trust. > >> Begin forwarded message: >> >> From: Justin Richer <jricher@mit.edu <mailto:jricher@mit.edu>> >> Subject: Re: New Version Notification for draft-richer-vectors-of-trust-07.txt >> Date: March 12, 2018 at 19:09:35 GMT >> To: Sean Turner <sean@sn3rd.com <mailto:sean@sn3rd.com>> >> Cc: Leif Johansson <leifj@sunet.se <mailto:leifj@sunet.se>> >> >>>> On Mar 12, 2018, at 18:07, Justin Richer <jricher@mit.edu <mailto:jricher@mit.edu>> wrote: >>>> >>>> Hi Sean, thanks so much. Responses inline: >>>> >>>>> On Mar 12, 2018, at 1:46 PM, Sean Turner <sean@sn3rd.com <mailto:sean@sn3rd.com>> wrote: >>>>> >>>>> Sorry just found the gh repo in an old mail … I can put in PRs if you want on the nits. >>>> >>>> Yes please, that would be great. Feel free to do it as just one PR or several, whatever’s your preference. >>> >>> I will try my best to not screw up the xml. >>> >>>>> spt >>>>> >>>>>> On Mar 12, 2018, at 17:33, Sean Turner <sean@sn3rd.com <mailto:sean@sn3rd.com>> wrote: >>>>>> >>>>>> Here’s my review of draft-richer-vectors-of-trust (should I send this someplace else too -secdir?): >>>>>> >>>>>> tl;dr: I like the idea after I got over my RBAC flashbacks! >>>> >>>> I totally get that, and since this work is meant to stand in contrast to RBAC if there’s a way we can make that clearer then that would be good. >>> >>> After we exchanged those emails earlier I was wondering if the RBAC-flashback was a good thing or a bad thing. I come to think it was a good thing because it definitely gets you thinking about what worked and what didn’t. >>> >>>>>> I’ll be honest that at first I was like here we go again, but I do like that you managed to keep it to only 4 vectors initially and allow it to be expanded later. I thought the recommendation for the second marker (alpha vs numeric) was pretty much what I would have done: P needs to have # the others not so much. Not that for the same reasons you did C0 you could also do A0 - it is a “No”. >>>> >>>> What would an A0 be, though? An unsigned assertion? C0 is something you might want to communicate (we did nothing in particular but there’s a user here maybe) but I’m not seeing the value in A0. >>>> >>>> As another example of how this works, NIST’s implementation uses both alpha and numeric for all their categories, requiring numeric for base values and adding alpha values as optional additional info on top of the category the number represents. >>>> >>>> https://github.com/usnistgov/800-63-3/blob/volume-d/sp800-63d/vot_mapping.md <https://github.com/usnistgov/800-63-3/blob/volume-d/sp800-63d/vot_mapping.md> >>> >>> I was simply thinking about 0 = None/No. I don’t think you have to change it to make all of the ones with no checks 0. >>> >>>>>> >>>>>> I was initially a little confused about it being standards track because it’s specifying a framework, but you are specifying a wire format so that seems okay in my book. >>>> >>>> I’m fine with whatever target is recommended but it feels standards track to me. >>> >>> Like I said initially I was like oh it’s a framework, but once you started defining stuff that gets sent on the wire well I can go with standards track. >>> >>>>>> Question in s3.4: When you say “such as a session cookie in a web browser” you talking about HTTP’s cookies right and not TLSs? >>>> >>>> Yes, HTTP cookies. We can add text to make that more explicit. >>> >>> I can slap that in my PR. >>> >>>>>> The IANA considerations section looks fine. I assume you two would offer to the Des? >>>> >>>> Yes. I volunteer and I’ll gladly volunteer Leif. >>> >>> I guess this is more for the ADs to know there’s a pool of candidates waiting to that the lead :) >>> >>>>>> I can see some asking for more information for the Sec/Priv sections, bit honestly what you got there is pretty much it: don’t send these things in the clear, bind them with cryptography, and don’t share too much otherwise you’ll give away something you might not have meant to. So, in my book that’s probably good enough. >>>> >>>> I found it hard to draw out much more than what we’ve got in there, especially in privacy because this is by its nature identifying information. Happy to expand if anyone’s got a good suggestion. >>> >>> I think this is exactly the right way to play it. You could write a novel here, but instead hit the hi points. When somebody says what about blah you can point them at the gh repo and PRs welcome ;) >>> >>>>>> Nits: >>>>>> >>>>>> 0) Update to match the new terminology paragraph: >>>>>> >>>>>> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL >>>>>> NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", >>>>>> "MAY", and "OPTIONAL" in this document are to be interpreted as >>>>>> described in BCP 14 [RFC2119] [RFC8174] when, and only when, they >>>>>> appear in all capitals, as shown here. >>>> >>>> Sounds fine. >>> >>> Can do. >>> >>>>>> 1) s5.1: vtr vs votr? I know everybody loves the 3-letter once but it make more sense that vot is the request and votr is the response. I’m in no way going any where near a mat to argue this point though. >>>> >>>> The JWT community loves the three-letter fields so we went with this. If we were to change it (which I’d kinda rather not) I’d instead go with “vot_req” to expand it out. >>> >>> Ah I get that - no need to change it. >>> >>>>>> 2) s8: sentence end abruptly: >>>> >>>> I think it’s just missing a reference target which rendered funny >>> >>> I’ll leave this one to you because I’m not sure where it’s supposed to point. >>> >>>>>> 3) I think both SP-800 references are missing something. >>>> >>>> Possibly, I wasn’t sure how to best pull those in. >>> >>> I’ll see what I can dig up and put it in the PR. >>> >>>>>> 4) I-D nits complains about two outdated references: >>>>>> >>>>>> ** Obsolete normative reference: RFC 5226 (Obsoleted by RFC 8126) >>>>>> >>>>>> ** Obsolete normative reference: RFC 7159 (Obsoleted by RFC 8259) >>>> >>>> I had no idea there was a new JSON, again! >>> >>> This bit me in the ass earlier this month. >>> >>>> — Justin >>>> >
- [saag] Fwd: New Version Notification for draft-ri… Sean Turner
- Re: [saag] New Version Notification for draft-ric… Justin Richer