Re: [secdir] weirds and certificate naming

Sean Turner <turners@ieca.com> Wed, 14 August 2013 23:51 UTC

Return-Path: <turners@ieca.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D92A521E80B0 for <secdir@ietfa.amsl.com>; Wed, 14 Aug 2013 16:51:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.26
X-Spam-Level:
X-Spam-Status: No, score=-101.26 tagged_above=-999 required=5 tests=[AWL=-0.484, BAYES_05=-1.11, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pkXIJ7mc7-ws for <secdir@ietfa.amsl.com>; Wed, 14 Aug 2013 16:51:27 -0700 (PDT)
Received: from gateway04.websitewelcome.com (gateway04.websitewelcome.com [67.18.15.11]) by ietfa.amsl.com (Postfix) with ESMTP id 1DC0D21E8082 for <secdir@ietf.org>; Wed, 14 Aug 2013 16:51:25 -0700 (PDT)
Received: by gateway04.websitewelcome.com (Postfix, from userid 5007) id 7BC3F86CDDB4; Wed, 14 Aug 2013 18:51:06 -0500 (CDT)
Received: from gator1743.hostgator.com (gator1743.hostgator.com [184.173.253.227]) by gateway04.websitewelcome.com (Postfix) with ESMTP id 70BDD86CDD94 for <secdir@ietf.org>; Wed, 14 Aug 2013 18:51:06 -0500 (CDT)
Received: from [96.231.225.44] (port=53277 helo=thunderfish.local) by gator1743.hostgator.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80) (envelope-from <turners@ieca.com>) id 1V9kqZ-0000MZ-9t; Wed, 14 Aug 2013 18:51:23 -0500
Message-ID: <520C17FA.6030705@ieca.com>
Date: Wed, 14 Aug 2013 19:51:22 -0400
From: Sean Turner <turners@ieca.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Sam Hartman <hartmans-ietf@mit.edu>
References: <tslwqo9qyqx.fsf@mit.edu>
In-Reply-To: <tslwqo9qyqx.fsf@mit.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator1743.hostgator.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ieca.com
X-BWhitelist: no
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (thunderfish.local) [96.231.225.44]:53277
X-Source-Auth: sean.turner@ieca.com
X-Email-Count: 11
X-Source-Cap: ZG9tbWdyNDg7ZG9tbWdyNDg7Z2F0b3IxNzQzLmhvc3RnYXRvci5jb20=
Cc: secdir@ietf.org
Subject: Re: [secdir] weirds and certificate naming
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Aug 2013 23:51:37 -0000

Sam,

It looks like their MTI mechanism is:

  To that end, RDAP clients and
  servers MUST implement the authentication framework specified in
  "HTTP Authentication: Basic and Digest Access Authentication"
  [RFC2617].

spt

On 7/29/13 9:31 AM, Sam Hartman wrote:
>
>
> Hi.
> To the ADs and especially to the folks who have outstanding weirds
> reviews.
>
> Please chase down how a query name entered by a user makes its way into
> a URI and how weirds validates the certificate in that URI.
> I suspect that there are problems here.
> For example, I suspect insecure DNS queries may be used to find parts of
> that URI.
> Alternatively  even if DNSsec is available, I suspect supporting DNSsec
> may not be a MTI for weirds clients.
> So, I'm dubious whether weirds will have an interoperable MTI security
> mechanism.
> _______________________________________________
> secdir mailing list
> secdir@ietf.org
> https://www.ietf.org/mailman/listinfo/secdir
> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview
>