Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd

Ralf Skyper Kaiser <skyper@thc.org> Tue, 12 November 2013 10:28 UTC


Hi,

Could not find it in the draft:

The interoperability with draft-ietf-websec-key-pinning-08 should be mentioned explicitly to prevent an attack scenario (e.g. the user has a pinned certificate for google.com; an attacker performing a MITM forces the client to do tls-pwd; the client should not allow this). E.g. once a host is pinned, no other server-side auth mechanism should be allowed.

regards,

ralf


On Fri, Nov 8, 2013 at 1:11 AM, Joseph Salowey (jsalowey) <jsalowey@cisco.com> wrote:

> This is the beginning of the working group last call for draft-ietf-tls-pwd-01. The underlying cryptographic protocol for TLS-PWD has been reviewed by the IRTF CFRG group with satisfactory results. The document needs particular attention paid to the integration of this mechanism into the TLS protocol. Please send comments to the TLS list by December 2, 2013.
>
> - Joe
> (For the TLS chairs)
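The client-side policy Ralf asks for above (a host with a valid pin must only be authenticated by a certificate chain matching that pin, never by a password-based or other non-certificate mechanism negotiated in the handshake) as an added example, not code from this thread, the TLS-PWD draft or the key-pinning draft. The `Handshake` record is a hypothetical abstraction of what a TLS stack would report after negotiation; the SPKI byte strings and times are constructed sample input. Pin matching follows the key-pinning draft's model (pin-sha256 over the SubjectPublicKeyInfo, max-age expiry, includeSubDomains), and the lookup treats an expired pin as no pin, which is the edge case that decides whether the downgrade is refused.

```python
"""Client pin policy: refuse any non-certificate server authentication for a
pinned host, and require a pin match when a certificate is used.

Added example; not the thread's or the drafts' code. Handshake/PinStore are
hypothetical abstractions of what a TLS client stack would expose."""
import base64
import hashlib
import time
from dataclasses import dataclass, field
from typing import Optional


def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


@dataclass
class PinEntry:
    pins: frozenset            # pin-sha256 strings accepted for this host
    expires_at: float          # absolute time derived from max-age
    include_subdomains: bool = False


class PinStore:
    def __init__(self):
        self._entries = {}     # host (lowercase) -> PinEntry

    def add(self, host, spki_ders, max_age, include_subdomains=False, now=None):
        now = time.time() if now is None else now
        pins = frozenset(spki_pin(d) for d in spki_ders)
        self._entries[host.lower()] = PinEntry(pins, now + max_age, include_subdomains)

    def lookup(self, host, now=None) -> Optional[PinEntry]:
        """Applicable, unexpired entry for host: exact match first, then the
        nearest parent domain that set includeSubDomains. Matching is on
        whole DNS labels, so notgoogle.com never matches google.com."""
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._entries.get(".".join(labels[i:]))
            if entry is None or entry.expires_at <= now:
                continue       # unknown or expired: no constraint from here
            if i == 0 or entry.include_subdomains:
                return entry
        return None


@dataclass
class Handshake:
    server_name: str
    server_auth: str           # hypothetical: "certificate", "tls-pwd", "psk", ...
    chain_spki: list = field(default_factory=list)  # SPKI DER per chain cert


def check_handshake(store: PinStore, hs: Handshake, now=None):
    """Return (allowed, reason) for a negotiated handshake."""
    entry = store.lookup(hs.server_name, now)
    if entry is None:
        return True, "host not pinned; no pin constraint applies"
    if hs.server_auth != "certificate":
        # The downgrade described in the thread: a pinned host must never be
        # accepted on the strength of a password or other non-certificate
        # server authentication, whatever the peer proposes.
        return False, f"pinned host negotiated {hs.server_auth!r}; certificate required"
    if any(spki_pin(d) in entry.pins for d in hs.chain_spki):
        return True, "pinned host; certificate chain matches a pin"
    return False, "pinned host; no certificate in chain matches a pin"


# Constructed sample data (not real keys or times).
NOW = 1_384_252_096.0
GOOD_SPKI = b"constructed-spki-der-for-the-pinned-key"
OTHER_SPKI = b"constructed-spki-der-for-some-other-key"


def demo_store() -> PinStore:
    store = PinStore()
    store.add("google.com", [GOOD_SPKI], max_age=60 * 86400,
              include_subdomains=True, now=NOW)
    store.add("expired.example", [GOOD_SPKI], max_age=60, now=NOW - 3600)
    return store


if __name__ == "__main__":
    s = demo_store()
    for hs in (Handshake("google.com", "tls-pwd"),
               Handshake("mail.google.com", "certificate", [OTHER_SPKI, GOOD_SPKI]),
               Handshake("www.google.com", "certificate", [OTHER_SPKI]),
               Handshake("expired.example", "tls-pwd"),
               Handshake("notgoogle.com", "tls-pwd")):
        print(hs.server_name, hs.server_auth, check_handshake(s, hs, NOW))
```

The decision is made on the negotiated server-authentication mechanism before any password-based exchange is trusted, so a peer that steers a client toward tls-pwd for a pinned name is rejected without the pin set ever being consulted for that mechanism.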