Re: [sidr] Alissa Cooper's Discuss on draft-ietf-sidr-publication-10: (with DISCUSS and COMMENT)
Rob Austein <sra@hactrn.net> Tue, 31 January 2017 00:34 UTC
Return-Path: <sra@hactrn.net>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1D561296EA; Mon, 30 Jan 2017 16:34:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.1
X-Spam-Level:
X-Spam-Status: No, score=-5.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kPy8FtdmJUwG; Mon, 30 Jan 2017 16:34:05 -0800 (PST)
Received: from adrilankha.hactrn.net (adrilankha.hactrn.net [IPv6:2001:418:1::19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2A161296C7; Mon, 30 Jan 2017 16:34:05 -0800 (PST)
Received: from minas-ithil.hactrn.net (c-73-47-197-23.hsd1.ma.comcast.net [73.47.197.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "nargothrond.hactrn.net", Issuer "Grunchweather Associates" (not verified)) by adrilankha.hactrn.net (Postfix) with ESMTPS id 98381B869; Tue, 31 Jan 2017 00:34:05 +0000 (UTC)
Received: from minas-ithil.hactrn.net (localhost [IPv6:::1]) by minas-ithil.hactrn.net (Postfix) with ESMTP id D76804665206; Mon, 30 Jan 2017 19:33:28 -0500 (EST)
Date: Mon, 30 Jan 2017 19:33:28 -0500
From: Rob Austein <sra@hactrn.net>
To: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <148466796666.31979.17532709479234975824.idtracker@ietfa.amsl.com>
References: <148466796666.31979.17532709479234975824.idtracker@ietfa.amsl.com>
User-Agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20170131003328.D76804665206@minas-ithil.hactrn.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/HpdtKSYM6Vta-srjmDjbcMrK76A>
Cc: Chris Morrow <morrowc@ops-netman.net>, sidr-chairs@ietf.org, The IESG <iesg@ietf.org>, sidr@ietf.org, draft-ietf-sidr-publication@ietf.org
Subject: Re: [sidr] Alissa Cooper's Discuss on draft-ietf-sidr-publication-10: (with DISCUSS and COMMENT)
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jan 2017 00:34:07 -0000
At Tue, 17 Jan 2017 07:46:06 -0800, Alissa Cooper wrote: ... > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > What is the upgrade path for the future when new versions of this > protocol get published? How are clients and servers meant to agree on > which version to use? The schema includes a version number, so a new protocol version would be detectable; in the most straightforward implementation, attempting to parse an unknown protocol version would result in a schema validation error. I don't think it's really possible to specify the upgrade path in detail until one knows what the newer version looks like, ie, what changed, so I'd defer this until the (hypothetical) new version. > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Although I understand why Section 6 says transport security is not > strictly required, given that the authentication and authorization > mechanisms that this protocol relies on are outside of the scope here, > isn't it possible that clients and servers may be exchanging cookies or > other headers in the course of using this protocol that would benefit > from transport encryption? It seems like mentioning that transport > security may still be beneficial although not required might be a good > idea. Um, the authentication is CMS signatures, it's just the authorization that's out of scope. I can't think of any sane reason for stuffing cookies or the like into this protocol, but yes, it's theoretically possible. The protocol is currently specified in terms of plain HTTP because an earlier version using HTTPS included a horrible authentication hairball in which HTTPS and CMS were required to use the same BPKI certificates for authentication, which turned out to be an implementation nightmare. So we backed off to plain HTTP to cut free of that mess, and we didn't think there were any privacy issues in the real data (if there had been, we would have been using CMS encryption too). That said, the world has changed, and I see at least one other discuss asking for HTTPS, so I guess we'll be going down that path, but this time with no required linkage between CMS and HTTPS, and with the authentication (still) just based on CMS.
- [sidr] Alissa Cooper's Discuss on draft-ietf-sidr… Alissa Cooper
- Re: [sidr] Alissa Cooper's Discuss on draft-ietf-… Rob Austein
- Re: [sidr] Alissa Cooper's Discuss on draft-ietf-… Alissa Cooper