Re: [TLS] Francesca Palombini's No Objection on draft-ietf-tls-exported-authenticator-14: (with COMMENT)
Sean Turner <sean@sn3rd.com> Mon, 09 May 2022 14:25 UTC
Return-Path: <sean@sn3rd.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04A53C14F742 for <tls@ietfa.amsl.com>; Mon, 9 May 2022 07:25:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sn3rd.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GRzjiQHU_Ahf for <tls@ietfa.amsl.com>; Mon, 9 May 2022 07:25:04 -0700 (PDT)
Received: from mail-qv1-xf35.google.com (mail-qv1-xf35.google.com [IPv6:2607:f8b0:4864:20::f35]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E50FC15E6E1 for <tls@ietf.org>; Mon, 9 May 2022 07:25:04 -0700 (PDT)
Received: by mail-qv1-xf35.google.com with SMTP id kj8so10501523qvb.6 for <tls@ietf.org>; Mon, 09 May 2022 07:25:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sn3rd.com; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=YiqutwlS9wA7WO8Ioe09YnlLBuN278C2Te4mQcsDOfk=; b=hc+k/ngR9cU+d/ggcE+8VFiEf3s0tzUstv9IIwMv7IVcOu4s0aQvykoZScLtdsvGrI efNpUKxe/4J2n2FM9M3jucFghi3m8bIudOjk3s4o/iQyEe1xt7zJk6Ex7qHU6qXN4lRs My417bxKMgsfwYKpmSGSBIwf67FAgqru93Ye8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=YiqutwlS9wA7WO8Ioe09YnlLBuN278C2Te4mQcsDOfk=; b=7Ro/aNu0veASNlpaD+aubTz0LiBd+j+ZSRqNUgwOMkQwrsscvbndN8nTWR0YnUhkhs skG9PwYjW4HW5saaAmaCzHs6dZ6rzV6+qVIETWOW1yydfJwZBk+fA1VrLn8yA/Y0fTpT Ki00PJRaE2mnoFmqowHfJnYBoql8QCbDi8fobwmejhhKfZGmD1DQVVWFRpw/19BWRknY cdTdh8FiBgLOuxkuCfn3eGvwY5IuUXj/UxquHW+HbHlAqndGwyjPxI0ZKMLDmHalvnRc 6V21FjyMXUHqDL5AodMc/F8I/5RjxRwBLI/8M36biSmt86TBfH0qliaCShaKdC0R/+2U BQCw==
X-Gm-Message-State: AOAM532108COaX+gcurvpFa+CAFbwOt0NTds0jRjCY01WGplYt+hyI4c vayDiCSexCTcXlZ0saFMLmBYDQ==
X-Google-Smtp-Source: ABdhPJwwvvsYUoZLvaiS+dJ2bLrBFBywSORiaFsn8ZayKSmimRq1kdHj3+u1HySwZYZnfBAzZJ9qBA==
X-Received: by 2002:a05:6214:400a:b0:45a:a5be:c0bc with SMTP id kd10-20020a056214400a00b0045aa5bec0bcmr13690214qvb.128.1652106302903; Mon, 09 May 2022 07:25:02 -0700 (PDT)
Received: from smtpclient.apple (pool-72-83-85-4.washdc.east.verizon.net. [72.83.85.4]) by smtp.gmail.com with ESMTPSA id l14-20020ac84a8e000000b002f39b99f68dsm7592675qtq.39.2022.05.09.07.25.02 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 09 May 2022 07:25:02 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <161753383291.16671.11431634616201810816@ietfa.amsl.com>
Date: Mon, 09 May 2022 10:25:01 -0400
Cc: The IESG <iesg@ietf.org>, draft-ietf-tls-exported-authenticator@ietf.org, TLS Chairs <tls-chairs@ietf.org>, TLS List <tls@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <36E191E4-BF04-4797-BDCB-D104D5DC7050@sn3rd.com>
References: <161753383291.16671.11431634616201810816@ietfa.amsl.com>
To: Francesca Palombini <francesca.palombini@ericsson.com>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/cREvSS14E5_gxbjcS4uKyIuqKVU>
Subject: Re: [TLS] Francesca Palombini's No Objection on draft-ietf-tls-exported-authenticator-14: (with COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 May 2022 14:25:08 -0000
Hi! We closed the loop on this one, and Roman wanted to make sure this got back. > On Apr 4, 2021, at 06:57, Francesca Palombini via Datatracker <noreply@ietf.org> wrote: > > Francesca Palombini has entered the following ballot position for > draft-ietf-tls-exported-authenticator-14: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you for the work on this document, and thank you to the doc shepherd for > the in-depth background. Please find some comments below. > > Francesca > > 2. ----- > > used to send the authenticator request SHOULD use a secure with > equivalent security to TLS, such as QUIC [QUIC-TLS], as its as its > > FP: What are the implications of not using such a secure transport protocol? > Why is it just RECOMMENDED and not MANDATED? nits: missing word "use a secure > with" ; remove one of the duplicated "as its". (Note: this text appears again > with the same typos for the authenticator in section 5) We roped Jonathan in and he’s what he had to say: > Begin forwarded message: > > From: Jonathan Hoyland <jonathan.hoyland@gmail.com> > Subject: Re: Datatracker State Update Notice: <draft-ietf-tls-exported-authenticator-15.txt> > Date: May 6, 2022 at 12:16:34 EDT > To: Christopher Wood <caw@heapingbits.net> > Cc: Paul Wouters <paul.wouters@aiven.io>, Sean Turner <sean@sn3rd.com>, Roman Danyliw <rdd@cert.org>, Christopher Wood <christopherwood07@gmail.com>, draft-ietf-tls-exported-authenticator@ietf.org, TLS Chairs <tls-chairs@ietf.org> > > The EA is equally secure if sent over an entirely unsecured medium. > The only reason to have a SHOULD there is because if you send the EA over a plaintext channel you reveal the Server certificate. > > In most cases it will make sense to send the EA over the channel that's already there, but from a security perspective there's no reason to require it. > > Regards, > > Jonathan Cheers, spt
- [TLS] Francesca Palombini's No Objection on draft… Francesca Palombini via Datatracker
- Re: [TLS] Francesca Palombini's No Objection on d… Sean Turner