Re: [Unbearable] WGLC 3 on core documents
Martin Thomson <martin.thomson@gmail.com> Thu, 02 March 2017 01:23 UTC
To: Andrei Popov <Andrei.Popov@microsoft.com>
Cc: "unbearable@ietf.org" <unbearable@ietf.org>, Leif Johansson <leifj@sunet.se>, Nick Harper <nharper@google.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/0CH498zXJRPlVf0CrC4MLix9mNM>
On 2 March 2017 at 12:02, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
>> As I mentioned in my review, I would also prefer to see the entire contents of the message signed.
> This does not work if we want to use extensions for attestation.

I can't really test this statement because I don't know what an attestation necessarily entails.

>> I would have thought that you would instead make the message contents dependent on the type.
> The TB type is not supposed to define the format of the TB message. Its purpose is to distinguish first-party bindings from 3rd-party/federated bindings.

That's only really justifiable if you are certain that you only ever include a signature over a public key. As the attestation case highlights, there are more things that you might want to say than just "I control this key". Gaining some flexibility might be the way to do that.
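The disagreement above is about which bytes of a TokenBinding the signature covers. The following is an added example, written for this archive page and not code from the thread's participants or from the Token Binding drafts: it encodes one ecdsap256 TokenBinding in the TLS presentation-language layout of draft-ietf-tokbind-protocol (later RFC 8471), signs over tokenbinding_type || key_parameters || ekm exactly as that draft specifies, and then builds the same message under a hypothetical "sign the entire message" input that also covers the encoded extensions. Flipping one byte of an extension in transit is accepted under the draft construction and rejected under the whole-message one, which is the property the "entire contents of the message signed" remark is about. The 32-byte EKM, the extension type 0xFF and its contents are constructed values; a real verifier takes the EKM from its own TLS exporter, and nothing here says whether an attestation extension needs to be under the key holder's signature, which is the question the thread leaves open.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// Values from draft-ietf-tokbind-protocol (later RFC 8471).
const (
	providedTokenBinding byte = 0 // TokenBindingType
	ecdsaP256            byte = 2 // TokenBindingKeyParameters
)

// u16 appends a big-endian uint16 length prefix, as the TLS presentation language uses.
func u16(b []byte, n int) []byte { return append(b, byte(n>>8), byte(n)) }

// signedInput is what the draft signs: tokenbinding_type || key_parameters || ekm (34 bytes).
// With coverExtensions set it also appends the encoded extensions: the "sign the entire
// message" alternative raised in the thread. That variant is an assumption here, not the draft.
func signedInput(tbType, keyParams byte, ekm, exts []byte, coverExtensions bool) []byte {
	in := append([]byte{tbType, keyParams}, ekm...)
	if coverExtensions {
		in = append(in, exts...)
	}
	return in
}

// encodeID encodes TokenBindingID for ecdsap256: key_parameters || uint16 key_length ||
// TB_ECPoint, where TB_ECPoint is a 1-byte-length-prefixed X9.62 uncompressed point.
func encodeID(pub *ecdsa.PublicKey) []byte {
	point := elliptic.Marshal(elliptic.P256(), pub.X, pub.Y) // 65 bytes on P-256
	id := u16([]byte{ecdsaP256}, 1+len(point))
	return append(append(id, byte(len(point))), point...)
}

// encodeExtension encodes one Extension: extension_type || uint16 length || extension_data.
func encodeExtension(extType byte, data []byte) []byte {
	return append(u16([]byte{extType}, len(data)), data...)
}

// buildTokenBinding emits one TokenBinding: type || TokenBindingID || signature || extensions.
func buildTokenBinding(priv *ecdsa.PrivateKey, ekm, exts []byte, coverExtensions bool) ([]byte, error) {
	digest := sha256.Sum256(signedInput(providedTokenBinding, ecdsaP256, ekm, exts, coverExtensions))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	sig := make([]byte, 64) // ecdsap256 signature is r || s, 32 bytes each
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	tb := append([]byte{providedTokenBinding}, encodeID(&priv.PublicKey)...)
	tb = append(u16(tb, len(sig)), sig...)
	return append(u16(tb, len(exts)), exts...), nil
}

// verifyTokenBinding parses a TokenBinding and checks the signature against the EKM the
// verifier exported from its own TLS connection (a constructed value in this example).
func verifyTokenBinding(tb, ekm []byte, coverExtensions bool) (bool, error) {
	if len(tb) < 5 || tb[1] != ecdsaP256 {
		return false, errors.New("short message or unsupported key_parameters")
	}
	keyLen := int(binary.BigEndian.Uint16(tb[2:4]))
	if keyLen < 1 || len(tb) < 4+keyLen || int(tb[4]) != keyLen-1 {
		return false, errors.New("bad key_length")
	}
	x, y := elliptic.Unmarshal(elliptic.P256(), tb[5:4+keyLen])
	if x == nil {
		return false, errors.New("invalid EC point")
	}
	off := 4 + keyLen
	if len(tb) < off+68 || binary.BigEndian.Uint16(tb[off:off+2]) != 64 {
		return false, errors.New("bad signature length")
	}
	sig := tb[off+2 : off+66]
	exts := tb[off+68:]
	if len(exts) != int(binary.BigEndian.Uint16(tb[off+66:off+68])) {
		return false, errors.New("bad extensions length")
	}
	digest := sha256.Sum256(signedInput(tb[0], tb[1], ekm, exts, coverExtensions))
	pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}
	return ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])), nil
}

// tamperSurvives builds a TokenBinding carrying one extension, flips a byte of that
// extension in transit, and reports whether the signature still verifies afterwards.
func tamperSurvives(coverExtensions bool) (bool, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, err
	}
	ekmArr := sha256.Sum256([]byte("constructed EKM, not from a TLS exporter"))
	ekm := ekmArr[:]
	exts := encodeExtension(0xFF, []byte("attestation")) // 0xFF is a made-up extension type
	tb, err := buildTokenBinding(priv, ekm, exts, coverExtensions)
	if err != nil {
		return false, err
	}
	if ok, err := verifyTokenBinding(tb, ekm, coverExtensions); err != nil || !ok {
		return false, fmt.Errorf("untampered message did not verify: %v", err)
	}
	tampered := append([]byte(nil), tb...)
	tampered[len(tampered)-1] ^= 0x01 // last byte of extension_data
	return verifyTokenBinding(tampered, ekm, coverExtensions)
}

func main() {
	draft, _ := tamperSurvives(false)
	whole, _ := tamperSurvives(true)
	fmt.Println("draft signed input (type||key_parameters||ekm): tampered extension still verifies =", draft)
	fmt.Println("whole-message signed input: tampered extension still verifies =", whole)
}
```

Note that the draft's signed input does not contain the public key bytes either; the key is bound only through verification with the TokenBindingID's key, and the EKM is what ties the signature to one TLS connection. Anything placed in extensions is outside both.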