Re: [secdir] [Id-event] Secdir last call review of draft-ietf-secevent-token-09
Mike Jones <Michael.Jones@microsoft.com> Tue, 01 May 2018 23:00 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 133EF127137; Tue, 1 May 2018 16:00:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.008
X-Spam-Level:
X-Spam-Status: No, score=-2.008 tagged_above=-999 required=5 tests=[AC_DIV_BONANZA=0.001, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FOM3lV3bMMXU; Tue, 1 May 2018 16:00:20 -0700 (PDT)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on070b.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe48::70b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2383127201; Tue, 1 May 2018 16:00:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=z+MFboR+3m5hZcgSbc4r56Q87bkZmXZMo1e0bCvuQmQ=; b=iLBZ4uYU9N+BEgQ2vfndusFTh8Ejb1uL48wO7qxv+vctJ2GMwULJRTiT00zXN9Yhrv2mtX3EtMcx5Km+3kxC/a7bjvXDHf0H6Abf4Rd465Ngs/zega0vfx6H+IC1VQH3Y281YbovfxNu7KRyJguC/uNFiAStob557B05oynlKVM=
Received: from DM5PR00MB0293.namprd00.prod.outlook.com (2603:10b6:4:9e::34) by DM5PR00MB0326.namprd00.prod.outlook.com (2603:10b6:4:9f::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.766.0; Tue, 1 May 2018 23:00:16 +0000
Received: from DM5PR00MB0293.namprd00.prod.outlook.com ([fe80::143d:17c6:2a98:bbf2]) by DM5PR00MB0293.namprd00.prod.outlook.com ([fe80::143d:17c6:2a98:bbf2%3]) with mapi id 15.20.0771.000; Tue, 1 May 2018 23:00:16 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Russ Housley <housley@vigilsec.com>
CC: Phil Hunt <phil.hunt@oracle.com>, "draft-ietf-secevent-token.all@ietf.org" <draft-ietf-secevent-token.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, ID Events Mailing List <id-event@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: [Id-event] Secdir last call review of draft-ietf-secevent-token-09
Thread-Index: AQHT2NHtvc95Fiwi1UCrOyZVUllp6qQQeq+AgAfjstCAAy+xgA==
Date: Tue, 01 May 2018 23:00:16 +0000
Message-ID: <DM5PR00MB029324695FEA6EF07878D6E4F5810@DM5PR00MB0293.namprd00.prod.outlook.com>
References: <152424742315.3484.7625515486296411114@ietfa.amsl.com> <2F2D2F99-8116-40EE-8245-D7C5F8793BC0@oracle.com> <MW2PR00MB03008E6BC62F553A785D9D5DF5830@MW2PR00MB0300.namprd00.prod.outlook.com>
In-Reply-To: <MW2PR00MB03008E6BC62F553A785D9D5DF5830@MW2PR00MB0300.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=mbj@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-05-01T23:00:11.9121632Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
x-originating-ip: [2001:4898:80e8:e::36]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR00MB0326; 7:YsKObRodgxwN04FZDCXtsd1MwYeNTSXSBPbtTQ+VlVr7Fl6LjjEBTevyLMlkJXKqAZCHTh4b+CtMdmL8IBZ/QAiTaNMVXyenH1EMZIpg2FFxDMzkz0DKNdvBCM2DajRRJq9G8FS9cRim1HZq/lexR0aEsbJiyY6Z25SUiZGjSNcZwwQGbMpcvFTwBc/eQ1iMkP5/xMJhyJaaglO6q6Cac4+83AeZzSJwRA/L/syEtcB0E2uoJN+1NR8KOPwxpACB; 20:LrOky16nnxuoh2kFXXAHbjEA7RfkYMClJiMZPyZhzQLg8sifDX9AeadNlZ8ZP+V0Vy97kRUYS+gAG+icGJpvSGRbdYYk+hWlZZwMGhmfUdvCjne51WXbYXPPs8KU3YtZQqD0sMdrggMTtsUCmipmJkLqSEdR4cP7q1zqCt3Gi0Q=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7193020); SRVR:DM5PR00MB0326;
x-ms-traffictypediagnostic: DM5PR00MB0326:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-microsoft-antispam-prvs: <DM5PR00MB0326F03776B7A1ED4257E627F5810@DM5PR00MB0326.namprd00.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(10436049006162)(89211679590171)(192374486261705)(21748063052155)(146099531331640);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(2017102700009)(2017102701064)(6040522)(2401047)(5005006)(8121501046)(2017102702064)(20171027021009)(20171027022009)(20171027023009)(20171027024009)(20171027025009)(20171027026009)(2017102703076)(10201501046)(3002001)(93006095)(93001095)(3231254)(2018427008)(944501410)(52105095)(6055026)(6041310)(20161123558120)(20161123562045)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011); SRVR:DM5PR00MB0326; BCL:0; PCL:0; RULEID:; SRVR:DM5PR00MB0326;
x-forefront-prvs: 06592CCE58
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(39380400002)(376002)(346002)(396003)(366004)(377424004)(189003)(199004)(8990500004)(46003)(53546011)(22452003)(106356001)(25786009)(9326002)(105586002)(52396003)(236005)(10090500001)(8676002)(53936002)(76176011)(10290500003)(316002)(14454004)(8936002)(7696005)(81156014)(59450400001)(81166006)(6116002)(4326008)(54906003)(5660300001)(790700001)(6506007)(606006)(33656002)(6436002)(186003)(486006)(74316002)(3660700001)(229853002)(5890100001)(1680700002)(575784001)(19609705001)(5250100002)(97736004)(6306002)(53386004)(86362001)(476003)(68736007)(11346002)(478600001)(2900100001)(446003)(72206003)(54896002)(6916009)(6246003)(7736002)(86612001)(3280700002)(102836004)(9686003)(99286004)(55016002)(2906002)(966005); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR00MB0326; H:DM5PR00MB0293.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: u6wf2xq5W0veQQVDrL+wHdeUrDisego5yRsd3EozdviDzRnRjHFTe5nDiZ7qOGgO/auE9rdA01njLHma4yEDnrsg9jkKGdo7M33w86uP4F9H9i2bnW0XzAfleG2dP58oNTkXSn0/z81mLpKBV7fShwVd2rgBkLMlVZzW6JZi1Kggr14faRxaPFQ0/OyyLlrb
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_DM5PR00MB029324695FEA6EF07878D6E4F5810DM5PR00MB0293namp_"
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 4bc72181-29f1-48fa-defd-08d5afb74e3a
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4bc72181-29f1-48fa-defd-08d5afb74e3a
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 May 2018 23:00:16.7348 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR00MB0326
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/bp-DESwf3tlISxFwAbSPbuc1P0g>
Subject: Re: [secdir] [Id-event] Secdir last call review of draft-ietf-secevent-token-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 May 2018 23:00:25 -0000
Hi Russ, Not having heard back from you for a week, the editors decided to publish an updated draft https://tools.ietf.org/html/draft-ietf-secevent-token-10 that addresses your additional SecDir review comments in the manner proposed last week. In particular, the revised text makes it clearer what requirements this specification is imposing on profiling specifications. I hope the new text works for you. Best wishes, -- Mike From: Mike Jones Sent: Sunday, April 29, 2018 3:20 PM To: Russ Housley <housley@vigilsec.com> Cc: Phil Hunt <phil.hunt@oracle.com>; draft-ietf-secevent-token.all@ietf.org; ietf@ietf.org; ID Events Mailing List <id-event@ietf.org>; secdir@ietf.org Subject: RE: [Id-event] Secdir last call review of draft-ietf-secevent-token-09 Hi Russ, I wanted to check back in. Are you good with these changes to address your comment or do want to suggest that we take a different direction? Thanks, -- Mike From: Id-event <id-event-bounces@ietf.org<mailto:id-event-bounces@ietf.org>> On Behalf Of Phil Hunt Sent: Tuesday, April 24, 2018 2:50 PM To: Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>> Cc: draft-ietf-secevent-token.all@ietf.org<mailto:draft-ietf-secevent-token.all@ietf.org>; Mike Jones <Michael.Jones@microsoft.com<mailto:Michael.Jones@microsoft.com>>; ietf@ietf.org<mailto:ietf@ietf.org>; ID Events Mailing List <id-event@ietf.org<mailto:id-event@ietf.org>>; secdir@ietf.org<mailto:secdir@ietf.org> Subject: Re: [Id-event] Secdir last call review of draft-ietf-secevent-token-09 Russ, Here are proposed changes to address your questions about Section 3. You’re right that this section is placing requirements on profiling specifications. The changes made are intended to make this more explicit. Please let us know if the updated text works for you, and if so, we’ll publish an updated draft using it. Please see the wdiff text for section 3 below (also attached). Thanks, Phil & Mike —wdiff for sec 3-- 3. Requirements for SET Profiles Profiling specifications of this specification define actual SETs to be used in particular use cases. These profiling specifications define the syntax and semantics of SETs conforming to that SET profile and rules for validating those SETs. Profiling specifications SHOULD define syntax, semantics, subject identification, and validation. Syntax The syntax defined by profiling specifications includes what claims of the SETs defined, including: Top-Level Claims Claims and event payload values placed at the JWT Claims Set. Examples are used claims defined by SETs utilizing the profile. JWT specification (see [RFC7519]), the SET specification, and by the profiling specification. Event Payload The JSON data structure contents and format, containing event- specific information, if any (see Section 1.2). Semantics Defining the semantics of the SET contents for SETs utilizing the profile is equally important. Possibly most important is defining the procedures used to validate the SET issuer and to obtain the keys controlled by the issuer that were used for cryptographic operations used in the JWT representing the SET. For instance, some profiles may define an algorithm for retrieving the SET issuer's keys that uses the "iss" claim value as its input. Likewise, if the profile allows (or requires) that the JWT be unsecured, the means by which the integrity of the JWT is ensured MUST be specified. Subject Identification Profiling specifications MUST define how the event subject is identified in the SET, as well as how to differentiate between the event subject's issuer and the SET issuer, if applicable. It is NOT RECOMMENDED for profiling specifications to use the "sub" claim in cases in which the subject is not globally unique and has a different issuer from the SET itself. Validation Profiling specifications MUST clearly specify the steps that a recipient of a SET utilizing that profile MUST perform to validate that the SET is both syntactically and semantically valid. Among the syntax and semantics of SETs that a profiling specification may define is whether the value of the "events" claim may contain multiple members, and what processing instructions are employed in the single- and multiple-valued cases for SETs conforming to that profile. Many valid choices are possible. For instance, some profiles might allow multiple event identifiers to be present and specify that any that are not understood by recipients be ignored, thus enabling extensibility. Other profiles might allow multiple event identifiers to be present but require that all be understood if the SET is to be accepted. Some profiles might require that only a single value be present. All such choices are within the scope of profiling specifications to define. Profiling specifications MUST clearly specify the steps that a recipient of a SET utilizing that profile MUST perform to validate that the SET is both syntactically and semantically valid. Phil Oracle Corporation, Identity Cloud Services Architect @independentid www.independentid.com<http://www.independentid.com> phil.hunt@oracle.com<mailto:phil.hunt@oracle.com> On Apr 20, 2018, at 11:03 AM, Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>> wrote: Reviewer: Russ Housley Review result: Has Issues I reviewed this document as part of the Security Directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the Security Area Directors. Document authors, document editors, and WG chairs should treat these comments just like any other IETF Last Call comments. Document: draft-ietf-secevent-token-09 Reviewer: Russ Housley Review Date: 2018-04-20 IETF LC End Date: unknown IESG Telechat date: 2018-05-10 Summary: Has Issues Major Concerns I do not understand the first paragraph of Section 3. I made this comment on version -07, and some words were added, but I still do not understand this paragraph. I think you are trying to impose some rules on future specifications that use SET to define events. Let me ask a couple of questions that may help. I understand that a profiling specification MUST specify the syntax and semantics for a collection of security event tokens, including the claims and payloads that are expected. What MUST a profiling specification include? What MUST a profiling specification NOT include? _______________________________________________ Id-event mailing list Id-event@ietf.org<mailto:Id-event@ietf.org> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf..org_mailman_listinfo_id-2Devent&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=na5FVzBTWmanqWNy4DpctyXPpuYqPkAI1aLcLN4KZNA&m=hJFx-Z2ih18uUNCXosAjvygHqn2_K2mtNzqIej3Ah-c&s=28OWe42S0bg8Y2eo3VVzACeSYnzgiyyeXLl7tTu9i1Y&e=
- [secdir] Secdir last call review of draft-ietf-se… Russ Housley
- Re: [secdir] [Id-event] Secdir last call review o… Phil Hunt
- Re: [secdir] [Id-event] Secdir last call review o… Mike Jones
- Re: [secdir] [Id-event] Secdir last call review o… Mike Jones
- Re: [secdir] Secdir last call review of draft-iet… Russ Housley