Re: [secdir] MTI ... Re: Security review of draft-ietf-oauth-dyn-reg-management-12

Ben Laurie <benl@google.com> Thu, 02 April 2015 20:35 UTC

In-Reply-To: <o12wc7.nm5299.2vaes4-qmf@mercury.scss.tcd.ie>
References: <CABrd9STmvLWy_Bz7e+pN_0vANxajtD+fMzVM+trwn6+k50Mifw@mail.gmail.com> <551C0005.2000309@gmx.net> <alpine.GSO.1.10.1504011209550.22210@multics.mit.edu> <551C1970.4050600@cs.tcd.ie> <551C2568.3050301@gmx.net> <o12wc7.nm5299.2vaes4-qmf@mercury.scss.tcd.ie>
Date: Thu, 02 Apr 2015 21:35:19 +0100
Message-ID: <CABrd9SSzNaWKOP4hVwpuB+5n_n6Cm0AouKgXgMpDoJR0i2JGwg@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/raZTleJ8plvwfvXCS3IwdbU9Xys>
Cc: draft-ietf-oauth-dyn-reg-management.all@tools.ietf.org, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] MTI ... Re: Security review of draft-ietf-oauth-dyn-reg-management-12

On 1 April 2015 at 18:36,  <stephen.farrell@cs.tcd.ie> wrote:
>
>
> On Wed Apr 1 18:05:44 2015 GMT+0100, Hannes Tschofenig wrote:
>> Ben, Stephen,
>>
>> I believe that this would be a good idea although it does not really
>> solve the underlying problem. Why? If we put a reference to the UTA BCP
>> in there then we end up in the need to update our documents in the not
>> too distant future to point to a new UTA BCP that talks about TLS 1.3.
>
>
> No. Put in the bcp number and not the rfc number.

I'd love to believe that story, because that would be awesome.

But when I look at BCPs, I see, for example:

BCP49 Delegation of IP6.ARPA R. Bush [ August 2001 ] ( TXT = 5727
bytes)(Obsoleted by RFC3596) (Updates RFC2874, RFC2772, RFC2766,
RFC2553, RFC1886) (Also RFC3152) (Status: BEST CURRENT PRACTICE)

Obsoleted? Updates? Also?

What am I, as an implementer, supposed to do, if I'm told "follow BCP
49"? "Obsoleted" is particularly worrying.