[secdir] Secdir review of draft-ietf-abfab-aaa-saml

"Paul Hoffman" <paul.hoffman@vpnc.org> Mon, 14 December 2015 03:57 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 307621A8712 for <secdir@ietfa.amsl.com>; Sun, 13 Dec 2015 19:57:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Level:
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UIGRDw1O5pyW for <secdir@ietfa.amsl.com>; Sun, 13 Dec 2015 19:57:23 -0800 (PST)
Received: from hoffman.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 836E61A86FD for <secdir@ietf.org>; Sun, 13 Dec 2015 19:57:23 -0800 (PST)
Received: from [10.32.60.44] (50-1-98-110.dsl.dynamic.fusionbroadband.com [50.1.98.110]) (authenticated bits=0) by hoffman.proper.com (8.15.2/8.14.9) with ESMTPSA id tBE3vKFd058136 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 13 Dec 2015 20:57:21 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: hoffman.proper.com: Host 50-1-98-110.dsl.dynamic.fusionbroadband.com [50.1.98.110] claimed to be [10.32.60.44]
From: "Paul Hoffman" <paul.hoffman@vpnc.org>
To: secdir <secdir@ietf.org>
Date: Sun, 13 Dec 2015 19:57:20 -0800
Message-ID: <C7067E43-506A-414E-BD3E-85A4E7002857@vpnc.org>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed
X-Mailer: MailMate (1.9.3r5187)
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/FCM3c6CyfJ1FpzEzVRD4S1gr160>
Cc: Josh.Howlett@ja.net, hartmans-ietf@mit.edu, alex@um.es
Subject: [secdir] Secdir review of draft-ietf-abfab-aaa-saml
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Dec 2015 03:57:24 -0000

Greetings. I'm the SecDir reviewer for draft-ietf-abfab-aaa-saml. I 
apologize for the lateness of this review, particularly because I have 
what might be a significant question on the draft.

The first two paragraphs of the Security Considerations section read:

    In this specification, the Relying Party MUST trust any statement in
    the SAML messages from the IdP in the same way that it trusts
    information contained in RADIUS attributes.  These entities MUST
    trust the RADIUS infrastructure to provide integrity of the SAML
    messages.

    Furthermore, the Relying Party MUST apply policy and filter the
    information based on what information the IdP is permitted to assert
    and on what trust is reasonable to place in proxies between them.

These seem like pretty important considerations. I fully admit that I 
might have missed it, but are they actually mentioned earlier in the 
document? I would have expected them in the Introduction, or at least in 
Section 7.

If those requirements are not listed early, shouldn't they be?

--Paul Hoffman