IETF Logo Mail Archive

Re: [secdir] MTI ... Re: Security review of draft-ietf-oauth-dyn-reg-management-12

Benjamin Kaduk <kaduk@MIT.EDU> Wed, 01 April 2015 16:11 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9B391ACF5D; Wed, 1 Apr 2015 09:11:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vy242ZXcyfdh; Wed, 1 Apr 2015 09:11:52 -0700 (PDT)
Received: from dmz-mailsec-scanner-2.mit.edu (dmz-mailsec-scanner-2.mit.edu [18.9.25.13]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CCF141ACF18; Wed, 1 Apr 2015 09:11:50 -0700 (PDT)
X-AuditID: 1209190d-f79676d000000da0-78-551c18c542d6
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-2.mit.edu (Symantec Messaging Gateway) with SMTP id 22.6C.03488.5C81C155; Wed, 1 Apr 2015 12:11:49 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id t31GBmeN017218; Wed, 1 Apr 2015 12:11:48 -0400
Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id t31GBjUl002880 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 1 Apr 2015 12:11:46 -0400
Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id t31GBiqR029563; Wed, 1 Apr 2015 12:11:44 -0400 (EDT)
Date: Wed, 01 Apr 2015 12:11:44 -0400
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <551C0005.2000309@gmx.net>
Message-ID: <alpine.GSO.1.10.1504011209550.22210@multics.mit.edu>
References: <CABrd9STmvLWy_Bz7e+pN_0vANxajtD+fMzVM+trwn6+k50Mifw@mail.gmail.com> <551C0005.2000309@gmx.net>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprAKsWRmVeSWpSXmKPExsUixCmqrXtUQibUYMF0FYsNn6+xWZzr62K2 WLrzHqvFjD8TmS0+LHzI4sDqsXjTfjaPBZtKPZYs+cnk8eXyZ7YAligum5TUnMyy1CJ9uwSu jIZjR5kK9jBXTN52jbmB8QFTFyMnh4SAicSes99YIWwxiQv31rN1MXJxCAksZpKYM2seK4Sz gVHi4fs5LCBVQgIHmSTWrDCDsOsljj4/BdTBwcEioCXxtMsOJMwmoCIx881GNhBbRMBQ4vrM 6WBzmAVWMkr8frCOESQhLBAr0f5gC9hMTgF1ic/zJ4BdxCvgKLF+fT8zxPxsiV3v94LFRQV0 JFbvn8ICUSMocXLmEzCbGWjv8unbWCYwCs5CkpqFJLWAkWkVo2xKbpVubmJmTnFqsm5xcmJe XmqRrpFebmaJXmpK6SZGcGBL8u5gfHdQ6RCjAAejEg9vQ5R0qBBrYllxZe4hRkkOJiVRXg1R mVAhvqT8lMqMxOKM+KLSnNTiQ4wSHMxKIrySIkA53pTEyqrUonyYlDQHi5I476YffCFCAumJ JanZqakFqUUwWRkODiUJ3qfiQI2CRanpqRVpmTklCGkmDk6Q4TxAwxkkQIYXFyTmFmemQ+RP Mepy3JnyfxGTEEtefl6qlDjvNZBBAiBFGaV5cHNgCekVozjQW8K8x0CqeIDJDG7SK6AlTEBL HOZJgywpSURISTUwSvgE/t+0nPdinlr3XSnlNdWCk58nuUZNimW/4Bz6/265Qs/Jtg8tied1 bf/Fr9357frMv+2MOqu418x4Ob1vve+fMqPYYu4zsgLdVhZZdU08T+aJ6NlndxVoTDv3wLz9 amSrbpbi0UcNppNu6gYdf3O6ST588v/v+r+3CnyefGJ/60mJrKV6SizFGYmGWsxFxYkAhWXv yyMDAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/lLlrh7DsabPB7YaQ1uhG71Tk3Po>
Cc: draft-ietf-oauth-dyn-reg-management.all@tools.ietf.org, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] MTI ... Re: Security review of draft-ietf-oauth-dyn-reg-management-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2015 16:11:55 -0000

On Wed, 1 Apr 2015, Hannes Tschofenig wrote:

> I personally would like to replace these types of recommendations with
> references to a page on the IETF website that talks about the most
> recent TLS & ciphersuite recommendations. I am aware that this might
> create problems with claiming interoperability with a specific RFC...

Why not a BCP document for TLS usage?  It seems to be a charter item for
the uta WG already...

-Ben

v2.23.0 | Report a Bug | By Email