Re: [TLS] WGLC for draft-ietf-tls-oob-pubkey-03.txt

Paul Wouters <paul@nohats.ca> Thu, 26 April 2012 17:57 UTC

On Thu, 26 Apr 2012, Simon Josefsson wrote:

> Major concerns:
>
> 1) Sections 3.1 and 3.2 more or less duplicate sections 3.1 and 3.2 of RFC
> 6091.  Wouldn't it be better to describe the RawPublicKey
> CertificateType alone, rather than duplicating the entire
> CertificateType extension?

I think you are right. This was originally done because it started as
a new TLS extension, and then also covered what has now been moved to
cached-objects.

> 2) The "Security Considerations" says that the main challenge with raw
> public keys over keys in X.509/OpenPGP is how to associate the public
> key with a specific entity.  However, I believe the problem is larger
> than that, and there is a similar challenge for several other forms of
> metadata about a public key.  It is not only the identity of a key that
> can have significant impact on system security.  Other kinds of metadata
> (for example "do not use this public key after the year 2015") can be
> critical for secure deployments.  I suggest adding a final paragraph to
> discuss this.

Sounds reasonable. Will do.

> Minor concerns:

All fixed as per your suggestions.

Paul