[TLS] Review of draft-housley-tls-authz-extns-05
<Pasi.Eronen@nokia.com> Tue, 23 May 2006 08:01 UTC
Date: Tue, 23 May 2006 11:00:52 +0300
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F2402AE176A@esebe105.NOE.Nokia.com>
From: Pasi.Eronen@nokia.com
To: ietf@ietf.org
Cc: tls@ietf.org
Subject: [TLS] Review of draft-housley-tls-authz-extns-05
The part about X.509 attribute certificates looks fine, but at least the SAML part still needs some work:

1) I think the document needs to discuss the security considerations of bearer SAML assertions in more detail. While the countermeasures described in 3.3.2 may help against passive eavesdroppers, they still allow an active MiTM to "steal" the permission. This is IMHO a significant difference to typical SAML usage with HTTP-over-TLS, where the server is authenticated before the bearer assertion is sent.

2) Section 3.3.2: "When SAMLAssertion is used, the field contains XML constructs with a nested structure defined in [SAML1.1][SAML2.0]." This needs to be much more specific than "some XML from these documents". What element/elements? Is this an XML document (with XML declaration etc.), or just a "fragment"? Which encoding? And so on...

3) The document is last called for Proposed Standard, but contains a normative reference to an Informational RFC (RFC 2704). I'd suggest removing the KeyNote stuff from this document (if someone really wants to do KeyNote, it can be a separate document).

Minor editorial comments:

4) Section 2.3: the list type is "AuthorizationDataFormats" but the enum is spelled "AuthzDataFormat".

Best regards,
Pasi
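The ordering argument in point 1 above (a bearer assertion released before the peer is authenticated can be captured and re-presented by an on-path attacker, whereas HTTP-over-TLS authenticates the server first) is modelled below. This is an added illustration and not code from the reviewer, the draft, or the TLS working group. The message sequence, the `BearerAssertion` record, the fingerprint-based identity check and the `run()` driver are assumptions made for the model; they do not reproduce the TLS authorization extension handshake itself, only the difference between the two release orders.

```python
"""Toy model of point 1: a bearer SAML assertion is only as safe as the order
in which it is released relative to peer authentication.

Added illustration, not code from the draft or the reviewer. The message
sequence, the assertion format and the fingerprint identity check are
assumptions for the model; they do not reproduce the real handshake."""

import hashlib
import secrets
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class BearerAssertion:
    """Bearer semantics: whoever presents the assertion gets the permission."""
    subject: str
    audience: str
    token: str = field(default_factory=lambda: secrets.token_hex(8))


class Server:
    """Relying party that grants a permission to any bearer of a valid assertion."""

    def __init__(self, name: str, secret: bytes):
        self.name = name
        self._secret = secret  # only the genuine server knows this (constructed value)
        self.granted: List[Tuple[str, str]] = []

    def fingerprint(self) -> str:
        # Stand-in for a certificate: derived from a secret the attacker does not hold.
        return hashlib.sha256(self._secret).hexdigest()

    def accept(self, assertion: BearerAssertion) -> bool:
        if assertion.audience != self.name:
            return False
        self.granted.append((assertion.subject, assertion.token))
        return True


class ActiveMitm:
    """On-path attacker: terminates the client's connection and keeps a copy of
    everything it receives. Encrypting the assertion to the *peer* (a defence
    against passive eavesdropping) does not help, because the attacker is the peer."""

    def __init__(self, target: Server):
        self.target = target
        self._secret = secrets.token_bytes(16)  # attacker's own key, not the server's
        self.stolen: List[BearerAssertion] = []

    def fingerprint(self) -> str:
        return hashlib.sha256(self._secret).hexdigest()

    def accept(self, assertion: BearerAssertion) -> bool:
        self.stolen.append(assertion)
        return self.target.accept(assertion)  # forward it so the client sees success

    def replay(self) -> List[bool]:
        # Later, the attacker presents each stolen assertion on its own behalf.
        return [self.target.accept(a) for a in self.stolen]


class Client:
    def __init__(self, subject: str, server_name: str, trusted_fingerprint: str):
        self.subject = subject
        self.server_name = server_name
        self.trusted_fingerprint = trusted_fingerprint

    def connect(self, peer, authenticate_first: bool) -> Optional[bool]:
        assertion = BearerAssertion(self.subject, self.server_name)
        if authenticate_first:
            # HTTP-over-TLS style ordering: verify the peer, then release the assertion.
            if peer.fingerprint() != self.trusted_fingerprint:
                return None  # refuse: the assertion never leaves the client
        # Otherwise the assertion is released before the peer has been authenticated.
        return peer.accept(assertion)


def run(authenticate_first: bool) -> dict:
    """Run one connection through an active MitM and report what the attacker got."""
    real = Server("sp.example", secret=b"constructed-server-secret")
    mitm = ActiveMitm(real)  # sits on the path to sp.example
    client = Client("alice", "sp.example", real.fingerprint())
    client_result = client.connect(mitm, authenticate_first)
    replayed = mitm.replay()
    return {
        "client_saw_success": client_result is True,
        "assertions_stolen": len(mitm.stolen),
        "replays_accepted": sum(replayed),
        "permissions_granted": len(real.granted),
    }


if __name__ == "__main__":
    print("assertion before authentication:", run(authenticate_first=False))
    print("assertion after authentication: ", run(authenticate_first=True))
```

With `authenticate_first=False` the client still sees a successful connection (the attacker forwards the assertion), but the attacker now holds a copy and its replay is accepted, so the permission has been granted twice. With `authenticate_first=True` the fingerprint mismatch stops the client before the assertion is sent, and the attacker gets nothing to replay. Binding the assertion to the authenticated channel, rather than relying on pure bearer semantics, is the property the reviewer says is missing.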