[TLS] Last call comments for draft-santesson-tls-(ume-04,supp-00)

<Pasi.Eronen@nokia.com> Mon, 03 April 2006 10:45 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FQMYW-00018g-QX; Mon, 03 Apr 2006 06:45:08 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FQMYV-00018Y-FP; Mon, 03 Apr 2006 06:45:07 -0400
Received: from mgw-ext14.nokia.com ([131.228.20.173]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FQMYV-0004E1-0a; Mon, 03 Apr 2006 06:45:07 -0400
Received: from esebh105.NOE.Nokia.com (esebh105.ntc.nokia.com [172.21.138.211]) by mgw-ext14.nokia.com (Switch-3.1.8/Switch-3.1.7) with ESMTP id k33AiUSj011563; Mon, 3 Apr 2006 13:44:32 +0300
Received: from esebh101.NOE.Nokia.com ([172.21.138.177]) by esebh105.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 3 Apr 2006 13:45:05 +0300
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by esebh101.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 3 Apr 2006 13:45:04 +0300
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 03 Apr 2006 13:45:02 +0300
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F2402751404@esebe105.NOE.Nokia.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Last call comments for draft-santesson-tls-(ume-04,supp-00)
Thread-Index: AcZXC6k0G1x/GIYAS5STcqLB9lH1HA==
From: Pasi.Eronen@nokia.com
To: stefans@microsoft.com, iesg@ietf.org
X-OriginalArrivalTime: 03 Apr 2006 10:45:04.0676 (UTC) FILETIME=[AAB31E40:01C6570B]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 6cca30437e2d04f45110f2ff8dc1b1d5
Cc: tls@ietf.org
Subject: [TLS] Last call comments for draft-santesson-tls-(ume-04,supp-00)
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Some additional last call comments for draft-santesson-tls-ume-04 
and draft-santesson-tls-supp-00:

1) The IANA considerations sections in both documents are 
   incomplete (missing the requests to assign new numbers), 
   in some details incorrect (number ranges overlap), and unclear.
   Here's a proposal for better text:

   draft-santesson-tls-supp:

   This document defines a new TLS handshake message,
   "supplemental_data", assigned a value of TBD-BY-IANA from the TLS
   HandshakeType registry defined in [RFC4346].

   This document establishes a new registry, to be maintained by IANA,
   for TLS Supplemental Data Types.  Initially, the registry is empty.
   Values from the range 0-16385 are assigned via Standards Action
   [RFC2434].  Values from the range 16386-65279 are assigned via
   Specification Required [RFC2434].  Values from the range
   65280-65535 are reserved for Private Use [RFC2434].

   draft-santesson-tls-ume:

   This document defines a new TLS extension, "user_mapping", assigned
   a value of TBD-BY-IANA1 from the TLS Extension Type registry
   defined in [RFC4366].

   This document defines a new TLS supplemental data type,
   "user_mapping_data", assigned a value of TBD-BY-IANA2 from the TLS
   Supplemental Data Type registry defined in
   [draft-santesson-tls-supp].

   This document establishes a new registry, to be maintained by IANA,
   for TLS User Mapping Types. Initially, the registry contains one
   entry: upn_domain_hint (0). Values from the range 1-63 are assigned
   via Standards Action [RFC2434].  Values from the range 64-223 are
   assigned via Specification Required [RFC2434]. Values from the
   range 224-255 are reserved for Private Use [RFC2434].

2) tls-ume, Section 5: "The client SHOULD only send the
   UserMappingDataList in the supplemental data message if it is 
   agreed upon in the hello message exchange"
  
   This is wrong (and violates a "MUST" in tls-supp): the user 
   mapping data list MUST NOT be sent if it was not agreed in the
   ClientHello/ServerHello exchange.

3) Security considerations in both documents should explicitly 
   point out that the information is not encrypted (and thus visible 
   to eavesdroppers), and is sent before the peer is authenticated
   (unless the "double-handshake" trick is used). This may be obvious 
   to the authors, but not to everyone reading these documents...

4) tls-ume: Would it make sense to define two UserMappingData types,
   one for "user@domain" and another one for just "domain", instead
   of combining them in one type?

5) tls-ume, Section 3: ".. contain a domain name in the "preferred
   name syntax," as specified by RFC 1123". RFC 1123 never even mentions
   the term "preferred name syntax" (it is mentioned in RFC 1034,
   though). 

6) tls-ume: The document should contain at least an informative
   reference to a document describing what this Microsoft UPN is.
   Simply saying it's of the form "user@domain" is not very helpful.
   For instance, does "domain" mean it's a DNS name? (Windows uses
   the word "domain" also for names that don't have anything to 
   do with DNS). Is the domain part an IDN-aware or IDN-unaware 
   domain name slot? (Or neither?) Are some special characters 
   (e.g., punctuation, at sign) in the "user" part forbidden,
   or escaped/encoded somehow specially?

7) References in tls-ume: IMHO references N7,N8,N9 seem more
   Informative than Normative. Reference N5 is never cited in text.
   RFC 1123 is cited in the text, but not included in reference list.

Best regards,
Pasi
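Added example (not part of Pasi's message or of either draft): comment 1) above complains that the drafts' IANA range allocations overlap, and proposes a clean three-way split for each registry. The Python below encodes the proposed ranges and checks that a layout really partitions its code-point space (no overlap, no gap, nothing outside the 16-bit or 8-bit space), then maps a code point to the registration policy that governs it. The range values are taken from the message; the helper names and the overlapping "bad" layout used for illustration are constructed here.

```python
# Added example: validate an IANA-style range layout and look up the
# registration policy for a code point. Ranges are the ones proposed in the
# message; helper names and the deliberately overlapping sample are ours.
from dataclasses import dataclass


@dataclass(frozen=True)
class PolicyRange:
    low: int
    high: int      # inclusive
    policy: str


# TLS Supplemental Data Types (16-bit space), as proposed for tls-supp.
SUPP_DATA_TYPE_RANGES = [
    PolicyRange(0, 16385, "Standards Action"),
    PolicyRange(16386, 65279, "Specification Required"),
    PolicyRange(65280, 65535, "Private Use"),
]

# TLS User Mapping Types (8-bit space), as proposed for tls-ume;
# upn_domain_hint(0) is the single initial entry.
USER_MAPPING_TYPE_RANGES = [
    PolicyRange(0, 63, "Standards Action"),
    PolicyRange(64, 223, "Specification Required"),
    PolicyRange(224, 255, "Private Use"),
]

# Constructed layout with the kind of defect comment 1) describes:
# the first two ranges overlap at 16384-16385.
OVERLAPPING_LAYOUT = [
    PolicyRange(0, 16385, "Standards Action"),
    PolicyRange(16384, 65279, "Specification Required"),
    PolicyRange(65280, 65535, "Private Use"),
]


def check_partition(ranges, space_bits):
    """Return a list of problems; empty means the ranges form a clean
    partition of 0 .. 2^space_bits - 1 (no overlap, no gap, in bounds)."""
    problems = []
    max_value = (1 << space_bits) - 1
    expected_low = 0
    for r in sorted(ranges, key=lambda r: r.low):
        if r.low > r.high:
            problems.append(f"range {r.low}-{r.high} is inverted")
        if r.low < expected_low:
            problems.append(f"range {r.low}-{r.high} overlaps previous range")
        elif r.low > expected_low:
            problems.append(f"gap: {expected_low}-{r.low - 1} has no policy")
        expected_low = max(expected_low, r.high + 1)
    if expected_low <= max_value:
        problems.append(f"gap: {expected_low}-{max_value} has no policy")
    if expected_low > max_value + 1:
        problems.append(f"ranges exceed the {space_bits}-bit space")
    return problems


def policy_for(value, ranges):
    """Registration policy governing a code point, per the given layout."""
    for r in ranges:
        if r.low <= value <= r.high:
            return r.policy
    raise ValueError(f"{value} is not covered by any range")


if __name__ == "__main__":
    print("supp-data layout:", check_partition(SUPP_DATA_TYPE_RANGES, 16))
    print("user-mapping layout:", check_partition(USER_MAPPING_TYPE_RANGES, 8))
    print("overlapping layout:", check_partition(OVERLAPPING_LAYOUT, 16))
    print("policy for 65280:", policy_for(65280, SUPP_DATA_TYPE_RANGES))
```

The check is deliberately strict about gaps as well as overlaps: a code point with no registration policy is as much of a registry defect as one claimed by two policies, since an implementer cannot tell whether a value in the gap is assignable at all.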

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
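Added example (not from the message, the drafts, or any TLS implementation): comment 2) above says user mapping data MUST NOT be sent unless it was agreed in the ClientHello/ServerHello exchange. The Python below shows the receiver side of that rule: it derives the set of negotiated extensions from both hellos, parses a supplemental_data message, and rejects any entry whose type is not backed by an agreed extension. The wire layout assumed here (a 3-byte length-prefixed vector of entries, each "uint16 type, uint16 length, opaque data") follows the tls-supp message structure; the code point 0 for user_mapping_data is a placeholder standing in for TBD-BY-IANA2, and the hello-extension lists and data bytes are constructed for the example.

```python
# Added example: enforce "supplemental data only if negotiated in the hellos".
# Wire format and the code point for user_mapping_data are assumptions
# (the real values are TBD-BY-IANA in the drafts); sample inputs are constructed.
import struct

USER_MAPPING_DATA = 0               # placeholder for TBD-BY-IANA2
USER_MAPPING_EXT = "user_mapping"   # hello extension that authorises that type

# Which hello extension must have been agreed for each supplemental data type.
DATA_TYPE_TO_EXTENSION = {USER_MAPPING_DATA: USER_MAPPING_EXT}


class HandshakeError(Exception):
    """Raised when a supplemental_data message violates the negotiation rule."""


def negotiated_extensions(client_hello_exts, server_hello_exts):
    """An extension is agreed only if the client offered it and the server
    echoed it; anything present on one side alone is not negotiated."""
    return set(client_hello_exts) & set(server_hello_exts)


def encode_supplemental_data(entries):
    """entries: list of (type, data bytes) -> SupplementalData message body."""
    body = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in entries)
    if not 1 <= len(body) <= (1 << 24) - 1:
        raise ValueError("supp_data vector length out of range")
    return len(body).to_bytes(3, "big") + body


def parse_supplemental_data(msg):
    """Decode the vector of SupplementalDataEntry records, checking lengths."""
    if len(msg) < 3:
        raise HandshakeError("truncated SupplementalData")
    total = int.from_bytes(msg[:3], "big")
    if total == 0 or 3 + total != len(msg):
        raise HandshakeError("bad supp_data vector length")
    entries, off, end = [], 3, 3 + total
    while off < end:
        if off + 4 > end:
            raise HandshakeError("truncated SupplementalDataEntry")
        t, n = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        if off + n > end:
            raise HandshakeError("entry length exceeds message")
        entries.append((t, msg[off:off + n]))
        off += n
    return entries


def accept_supplemental_data(msg, negotiated):
    """Receiver-side check: every entry's type must map to an extension that
    was agreed in the hello exchange. Returns the entries or raises."""
    entries = parse_supplemental_data(msg)
    for t, _ in entries:
        ext = DATA_TYPE_TO_EXTENSION.get(t)
        if ext is None or ext not in negotiated:
            raise HandshakeError(f"supplemental data type {t} was not negotiated")
    return entries


if __name__ == "__main__":
    # Constructed hellos: client offers two extensions, server echoes one.
    agreed = negotiated_extensions(["user_mapping", "server_name"], ["user_mapping"])
    msg = encode_supplemental_data([(USER_MAPPING_DATA, b"example.test")])
    print("accepted:", accept_supplemental_data(msg, agreed))
    # Same message when the server never echoed user_mapping: must be rejected.
    try:
        accept_supplemental_data(msg, negotiated_extensions(["user_mapping"], []))
    except HandshakeError as e:
        print("rejected:", e)
```

The check is applied to every entry rather than to the message as a whole, so a message that mixes an agreed type with an unagreed one is rejected too; that matches the per-type "agreed in the hello exchange" condition rather than a looser "some supplemental data was negotiated" reading.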