Re: [TLS] AD review of draft-ietf-tls-oob-pubkey
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 09 May 2013 19:54 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDF8821F914C for <tls@ietfa.amsl.com>; Thu, 9 May 2013 12:54:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level:
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FCuWeBsP25jp for <tls@ietfa.amsl.com>; Thu, 9 May 2013 12:53:57 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id CCA3B21F8CE2 for <tls@ietf.org>; Thu, 9 May 2013 12:53:56 -0700 (PDT)
Received: from [192.168.13.156] (lair.fifthhorseman.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 04F65F979; Thu, 9 May 2013 15:53:50 -0400 (EDT)
Message-ID: <518BFECB.8050501@fifthhorseman.net>
Date: Thu, 09 May 2013 15:53:47 -0400
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130413 Icedove/17.0.5
MIME-Version: 1.0
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
References: <516D5ADE.3050506@ieca.com> <A95B4818FD85874D8F16607F1AC7C628BCDCF4@xmb-rcd-x09.cisco.com>
In-Reply-To: <A95B4818FD85874D8F16607F1AC7C628BCDCF4@xmb-rcd-x09.cisco.com>
X-Enigmail-Version: 1.5.1
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="----enig2ALMHJBSEFRHEXJXDHHRN"
Cc: "<tls@ietf.org>" <tls@ietf.org>, "<draft-ietf-tls-oob-pubkey@tools.ietf.org>" <draft-ietf-tls-oob-pubkey@tools.ietf.org>
Subject: Re: [TLS] AD review of draft-ietf-tls-oob-pubkey
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 May 2013 19:54:03 -0000
On 05/07/2013 11:11 PM, Joseph Salowey (jsalowey) wrote: >> 12) In s6, it indicates: >> >> This document assumes that such >> binding can be made out-of-band and we list a few examples in >> Section 1. >> >> This statement begs the question as to whether there needs to be a requirement on protocols that use this extension to specify the method used to provide the out-of-band binding. In other words something like: >> >> Specifications that make use of the extension MUST specify the >> mechanism by which the identity and the public key are bound. >> Otherwise, authentication is not possible. >> > [Joe] Or maybe > "In order to address these vulnerabilities, specifications that make use of the extension MUST specify how the identity and public key are bound." Why is this a MUST? What would be wrong with a specification that makes use of the extension and declines to mandate a specific OOB mechanism (e.g. leaves that choice of selection up to the service administrator or local configuration or something else)? Being deliberately agnostic about corners of a protocol that you don't want to constrain is pretty healthy. If a spec for some new service comes out that uses OOB keys, and then later someone publishes a novel (and useful) mechanism for verifying the binding between those keys and identities, do we want that spec to be considered invalid when used in combination with the new verification mechanism? >> 14) Are there any other extensions that don't make sense to negotiate if raw keys are chosen? For example, if the the client and server settle on raw keys do either of the ocsp stapling extensions make sense anymore? > > [Joe] At least the multi-ocsp extension could be extended to support other Status mechanisms. I'm not convinced that this extension of an extension should be coupled into the same draft as oob-pubkey itself. It seems likely to make it harder to reach consensus on oob-pubkey without providing a significant benefit. --dkg
- [TLS] AD review of draft-ietf-tls-oob-pubkey Sean Turner
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Bert Greevenbosch
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Salz, Rich
- [TLS] Revocation and authentication of raw public… Bert Greevenbosch
- Re: [TLS] Revocation and authentication of raw pu… Paul Wouters
- Re: [TLS] Revocation and authentication of raw pu… Salz, Rich
- Re: [TLS] Revocation and authentication of raw pu… Bert Greevenbosch
- Re: [TLS] Revocation and authentication of raw pu… Trevor Perrin
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Joseph Salowey (jsalowey)
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Daniel Kahn Gillmor
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Joseph Salowey (jsalowey)
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Bert Greevenbosch
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Sean Turner
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Sean Turner
- Re: [TLS] AD review of draft-ietf-tls-oob-pubkey Sean Turner