IETF Logo Mail Archive

Re: [secdir] Secdir review of draft-hollenbeck-rfc4930bis-02

Catherine Meadows <catherine.meadows@nrl.navy.mil> Tue, 14 July 2009 21:13 UTC

Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BF4D13A677E; Tue, 14 Jul 2009 14:13:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.931
X-Spam-Level:
X-Spam-Status: No, score=-2.931 tagged_above=-999 required=5 tests=[AWL=-0.333, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bb+ph6EynyUT; Tue, 14 Jul 2009 14:13:00 -0700 (PDT)
Received: from fw5540.nrl.navy.mil (fw5540.nrl.navy.mil [132.250.196.100]) by core3.amsl.com (Postfix) with ESMTP id 3A2043A6B2C; Tue, 14 Jul 2009 14:10:51 -0700 (PDT)
Received: from chacs.nrl.navy.mil (sun1.fw5540.net [10.0.0.11]) by fw5540.nrl.navy.mil (8.13.6/8.13.6) with ESMTP id n6EL6DHM002668; Tue, 14 Jul 2009 17:06:13 -0400 (EDT)
Received: from chacs.nrl.navy.mil (sun1 [10.0.0.11]) by chacs.nrl.navy.mil (8.13.6/8.13.6) with SMTP id n6EL6AVt023002; Tue, 14 Jul 2009 17:06:10 -0400 (EDT)
Received: from gilgamesh.fw5540.net ([10.0.3.67]) by chacs.nrl.navy.mil (SMSSMTP 4.1.16.48) with SMTP id M2009071417060926918 ; Tue, 14 Jul 2009 17:06:09 -0400
Message-Id: <F9F8AB1D-E652-4B4B-A977-7B6BD0F4D1C0@nrl.navy.mil>
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
To: "Hollenbeck, Scott" <shollenbeck@verisign.com>
In-Reply-To: <046F43A8D79C794FA4733814869CDF0702B8DD4F@dul1wnexmb01.vcorp.ad.vrsn.com>
Content-Type: multipart/alternative; boundary="Apple-Mail-6-862912848"
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Tue, 14 Jul 2009 17:06:08 -0400
References: <73F6E47F-B165-4018-A822-F49908F8A8DD@nrl.navy.mil> <046F43A8D79C794FA4733814869CDF0702B8DD4F@dul1wnexmb01.vcorp.ad.vrsn.com>
X-Mailer: Apple Mail (2.935.3)
Cc: iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] Secdir review of draft-hollenbeck-rfc4930bis-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jul 2009 21:13:01 -0000

Hi Scott:

By Transport ID, I would assume the  identifer(s)  associated with the  
transport level authentication key.
For EPP ID I would assume whatever identification is associated with  
an EPP instance.
II wasn't actually present at the discussion on channel binding so  
can't be more specific than this.
If there is anyone in the secdir group listening who has some more  
information on this I'd appreciate
hearing from them.

Cathy

On Jul 14, 2009, at 10:34 AM, Hollenbeck, Scott wrote:

> From: Catherine Meadows [mailto:catherine.meadows@nrl.navy.mil]
> Sent: Tuesday, July 14, 2009 9:56 AM
> To: secdir@ietf.org; iesg@ietf.org; Hollenbeck, Scott
> Cc: Catherine Meadows
> Subject: Secdir review of draft-hollenbeck-rfc4930bis-02
>
> I have reviewed this document as part of the security directorate's  
> ongoing effort to review all IETF documents being processed by the  
> IESG. These comments were written primarily for the benefit of the  
> security area directors.  Document editors and WG chairs should  
> treat these comments just like any other last call comments.
>
> Note:  I recently submitted a review of draft-hollenbeck- 
> rfc4933bis-02.  That was a mistake on my part; that was not the  
> document I was supposed to review.
> Sandy Murphy is down for reviewing that one.  I am supposed to  
> review this one.  This document is the update of the based  
> specification of  EPP, and so is related to rfc4933bis-02.
>
> I've also had some discussion with Sandy about the issue she raised  
> with respect to draft-hollenbeck-rfc4933bis-02.  That is actually  
> what I first thought it was:  EPP only does a weak form of  
> authentication.
> So it depends on strong authentication done at the transport level  
> or application level.  However there is nothing in the document that  
> I can see
> that says that the EPP ID must match the transport ID.  Thus, if it  
> is relying on the
> authentication being done at the transport level, there appears to  
> be nothing to prevent the transport level channel being replaced by  
> another one at some point.  I am not enough of an expert on EPP
> to make a definite recommendation as to how or whether this needs to  
> be addressed, but I feel that this is something that needs to be  
> brought to the attention of the IESG and discussed in the next  
> telechat.   If the
> issue does need to be addressed, rfc4930bis is the place where it  
> should be handled.
>
>
> Please help me understand what you mean by "EPP ID" and "transport  
> ID".
>
> -Scott-

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil

v2.23.0 | Report a Bug | By Email