IETF Logo Mail Archive

Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

Tim Hollebeek <tim.hollebeek@digicert.com> Fri, 04 May 2018 12:44 UTC

Return-Path: <tim.hollebeek@digicert.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 70C0F126BFD for <tls@ietfa.amsl.com>; Fri, 4 May 2018 05:44:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=digicert.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SXMwm4g7Xu_h for <tls@ietfa.amsl.com>; Fri, 4 May 2018 05:44:28 -0700 (PDT)
Received: from mail1.bemta8.messagelabs.com (mail1.bemta8.messagelabs.com [216.82.243.206]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 934BD126BF0 for <tls@ietf.org>; Fri, 4 May 2018 05:44:28 -0700 (PDT)
Received: from [216.82.241.100] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)) by server-14.bemta-8.messagelabs.com id D6/E0-02128-BA55CEA5; Fri, 04 May 2018 12:44:27 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA1WTbUwTSRjHO7vddkVqxpbKYwNeXEgUTCueGKt +UaMe5iRy5k5jJeoW17a5vpBuNTVqxEQ/WJAYLQZ73qEeUaxCogHF9xZFoyBEJZcDQUWJxJYE lRgjGrXD4NuXyW+f/3+e/zOTWZ7V7lIbeMnvk7xu0SmokpTtpn89xvAfA5ac2qeZ5tbrrxhzR 3gna37dHkDz2bwLoR51XnX1OyYvGkUFrIVzuK0e/3rOHmk/qS6ucvsruivVJajFFkBjeCUeZO B8//QASuK1uJyBTyU1DP14hODu+34lcalwDvx35RZDOAXnQ92xIEeYxRMh8P9eNoB4XocXwOn QdoIpeCEMXDJS9xI48aSMo1mZ0PXkHSKswYXQeHKQo1HPETweOjBiGoN/g46H9SrCCE+At3dO MzQqFbr6qkYYcAr03mtRUdbDi2cfOeovhL+HmkbrAtQNdI/60+F+VSkiYYDrGahu/qSkghFeV lSwVIggaCyLj+7Ohq59JxDlP2F35C+GnAzwGqgNL6flahaGSsdSToO+oXNq2qdBBQd7z40ka/ EGCIbJRER4huBaYJglgg4boKdjD9qHskPfnS6U8LG4CkH7xU4mNHJP4+H2oT4lNVmg61QlRzk bKmpjo/VpcPxonA0lBmRxFtx8IPxYJjwPKoejKsqTIVjaq6Y8C+LNr9ARNDaMpsqSd7PkNebm mqxeh83uc4kOp3FGjtnkkmRZtElO0SqbijyusyjxCncoFKgRfbixpglN5BlBr5myKm7RjrN6N myxi7J9nXeTU5KbUBrPC6Cx/D5g0Y73SjbJv9HhTDzlLzLwyUKKRiayRi4WXbLDRqU7aA7fXb +/jOWbBoOJtY2sWqXb45YMqZpcsgGTDfZN7q/tvvwc91G6QadBCoVCm1wseV0O3496DKXySNB pCkiXZIfb9zU1lhiISQykG4yTgXziN8lQgn5akJS/wvBLNHJmUqe1lTt+xD27aKq8lvn4c+ev V7kCfYtvV39A55gT0ze8ZcvTzBkZLStzMkwLpWH28JtWX8/Ww1M2xpbPfVCjN17eX7esbad/2 8O0df/k10Sb9Z7MS21ni7Km+bJW7z1aMCs3+DJ9aaSyeHHmwZmF5ZuFC9GyhkWCUraLM7JZry x+BgMrw2sXBAAA
X-Env-Sender: tim.hollebeek@digicert.com
X-Msg-Ref: server-5.tower-220.messagelabs.com!1525437865!193146783!1
X-Originating-IP: [207.46.163.111]
X-SYMC-ESS-Client-Auth: mailfrom-relay-check=pass
X-StarScan-Received:
X-StarScan-Version: 9.9.15; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 31827 invoked from network); 4 May 2018 12:44:26 -0000
Received: from mail-sn1nam01lp0111.outbound.protection.outlook.com (HELO NAM01-SN1-obe.outbound.protection.outlook.com) (207.46.163.111) by server-5.tower-220.messagelabs.com with AES256-SHA256 encrypted SMTP; 4 May 2018 12:44:26 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=lM34SFQ3p7U8jhGBOi5kTYkAqyh2TB0aXafxkQrMRws=; b=TTYdIoJwIuXP98cN77rUyOy93ffpFjbxN2TgXsPUiDYHowd8/8DcNWhOB3Z7mzWlgzyF923ERs3v2zXIH/FZ4Q0T8gnaLHU14ICGi/iNHANVj+xNs6NeTrckkA0UgKJZ2+ZrFn3WWVvP72BPRbBJY3hwMd2sGCBBZ86tKvAaBFA=
Received: from BN6PR14MB1106.namprd14.prod.outlook.com (10.173.161.15) by BN6PR14MB1524.namprd14.prod.outlook.com (10.172.152.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.735.16; Fri, 4 May 2018 12:44:24 +0000
Received: from BN6PR14MB1106.namprd14.prod.outlook.com ([fe80::40d8:6bed:a1a5:de4e]) by BN6PR14MB1106.namprd14.prod.outlook.com ([fe80::40d8:6bed:a1a5:de4e%3]) with mapi id 15.20.0735.016; Fri, 4 May 2018 12:44:24 +0000
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Nick Sullivan <nicholas.sullivan@gmail.com>, Sean Turner <sean@sn3rd.com>
CC: TLS WG <tls@ietf.org>
Thread-Topic: [TLS] WGLC for draft-ietf-tls-exported-authenticator
Thread-Index: AQHT2B2mvtcKSY6ZIUiPsbUgpPIwhqQLSOsAgBM85wCAAAESAIABExCw
Date: Fri, 04 May 2018 12:44:24 +0000
Message-ID: <BN6PR14MB1106B0BCB27BF78BCCB7DBED83860@BN6PR14MB1106.namprd14.prod.outlook.com>
References: <4E347898-C787-468C-8514-30564D059378@sn3rd.com> <1CBA2C18-DAB8-4751-B765-3BF76C7F170B@sn3rd.com> <19A28612-65CA-4667-9E4E-D47717AC9009@sn3rd.com> <CAOjisRypO2tSx4WEVqKCr7mzs2fnOTm9S5WqTLm9cGGjULVm1g@mail.gmail.com>
In-Reply-To: <CAOjisRypO2tSx4WEVqKCr7mzs2fnOTm9S5WqTLm9cGGjULVm1g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [98.111.253.132]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BN6PR14MB1524; 7:m+4E4tfwSHk1JW6r/a19ED2koDAs5KVcpOwPjRew7q2fkDYJP7bB7AMbJeu5CB56OFLdRF2Mm/SlBT1bZMiopumqysDEmMOWwRd7WqMamRDnTANMdjXqR8GvFatoICENFT7CS0vzZOSM5M2IcYStTmFMY8LznUQ1pg525f/iU/6JheacVQlQsLmtbD4TOHo5eBrXNStCda0okylK0HbTPo62EYPM5Yi+82pHlhJfVRyPH4NG5ncAVX8m85VDgI7h
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(49563074)(7193020); SRVR:BN6PR14MB1524;
x-ms-traffictypediagnostic: BN6PR14MB1524:
x-microsoft-antispam-prvs: <BN6PR14MB1524520B1391CFB8AC271DB683860@BN6PR14MB1524.namprd14.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(120809045254105)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415395)(6040522)(2401047)(5005006)(8121501046)(3231254)(944501410)(52105095)(3002001)(93006095)(93001095)(10201501046)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123562045)(20161123558120)(20161123560045)(6072148)(201708071742011); SRVR:BN6PR14MB1524; BCL:0; PCL:0; RULEID:; SRVR:BN6PR14MB1524;
x-forefront-prvs: 06628F7CA4
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(39860400002)(39380400002)(366004)(376002)(346002)(189003)(199004)(53434003)(5660300001)(86362001)(476003)(446003)(2906002)(14454004)(6436002)(105586002)(2900100001)(229853002)(11346002)(66066001)(106356001)(606006)(44832011)(486006)(97736004)(316002)(3660700001)(68736007)(7696005)(8936002)(74316002)(110136005)(3280700002)(186003)(5250100002)(25786009)(33656002)(99286004)(478600001)(81166006)(7736002)(81156014)(39060400002)(4326008)(99936001)(54896002)(53546011)(93886005)(790700001)(6306002)(3846002)(6506007)(6246003)(236005)(26005)(9686003)(102836004)(6116002)(76176011)(966005)(59450400001)(53936002)(55016002)(8676002); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR14MB1524; H:BN6PR14MB1106.namprd14.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: digicert.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: cEzkYgCLP2T/NO9AF9q1a4E/qPDia0YOEYXJoBfQv5DW/N4n+nO7MShzYFzI/5I52PPFLJAdShCVpZ3I/Zq6TgZd+MwtsPgtnhUpvzchYcEaKkS0iruNE2hi1Oe8LZhZPRu2vWIn77D0XVE4QzqbMKtFl7oYRw8LhBPNfwNOZ6fYKIgLQVoG418LMe+eYhOL
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="2.16.840.1.101.3.4.2.1"; boundary="----=_NextPart_000_0047_01D3E384.184A0A10"
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: 5fd6f591-aed3-469c-33f2-08d5b1bcc40d
X-OriginatorOrg: digicert.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5fd6f591-aed3-469c-33f2-08d5b1bcc40d
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 May 2018 12:44:24.2398 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR14MB1524
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/cZWT0dqp2WaELtANJIKcqIdW7sA>
Subject: Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2018 12:44:31 -0000

I generally really like it.

 

My only comment is about the use of a zero byte as a separator in a string (4.2.2).

 

There are commonly used languages where this is likely to lead to implementation bugs, causing the signature to be computed over a shorter length than expected.

 

While I doubt this causes any problems other than failures and debugging pain, the first 64 bytes contain the octet 32; I don’t see any reason why byte 87 can’t also be octet 32.

 

-Tim

 

From: TLS [mailto:tls-bounces@ietf.org] On Behalf Of Nick Sullivan
Sent: Thursday, May 3, 2018 4:16 PM
To: Sean Turner <sean@sn3rd.com>
Cc: TLS WG <tls@ietf.org>
Subject: Re: [TLS] WGLC for draft-ietf-tls-exported-authenticator

 

Does anyone have any comments about the draft, criticisms, or votes of support?

 

Nick

On Thu, May 3, 2018 at 1:12 PM Sean Turner <sean@sn3rd.com <mailto:sean@sn3rd.com> > wrote:



> On Apr 21, 2018, at 10:25, Sean Turner <sean@sn3rd.com <mailto:sean@sn3rd.com> > wrote:
> 
> 
>> On Apr 19, 2018, at 16:32, Sean Turner <sean@sn3rd.com <mailto:sean@sn3rd.com> > wrote:
>> 
>> All,
>> 
>> This is the working group last call for the "Exported Authenticators in TLS" draft available at https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/ <https://datatracker.ietf..org/doc/draft-ietf-tls-exported-authenticator/> .  Please review the document and send your comments to the list by 2359 UTC on 4 April 2018.
> 
> … 4 May 2018 ...

Just a reminder the WGLC ends tomorrow.

spt
_______________________________________________
TLS mailing list
TLS@ietf.org <mailto:TLS@ietf.org> 
https://www.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email