Re: [Unbearable] WGLC 3 on core documents
Andrei Popov <Andrei.Popov@microsoft.com> Thu, 02 March 2017 21:27 UTC
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Brian Campbell <bcampbell@pingidentity.com>, Martin Thomson <martin.thomson@gmail.com>
Date: Thu, 02 Mar 2017 21:27:10 +0000
Message-ID: <DM2PR21MB0091D0C3BD665968D125C1B88C280@DM2PR21MB0091.namprd21.prod.outlook.com>
In-Reply-To: <CA+k3eCQM51jqQNBDjvfSMfuqTetJwsvzjT2eONOj+Gc5wzZ_HQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/Al_g8GfL3VccXL3WPZIqSQvOky8>
Cc: "unbearable@ietf.org" <unbearable@ietf.org>, Leif Johansson <leifj@sunet.se>
Subject: Re: [Unbearable] WGLC 3 on core documents
Without “different servers”, it is not clear what these keys are supposed to be different from. ☺

How about this: “In order to prevent cooperating servers from linking user identities, the scope of the Token Binding keys MUST NOT be broader than the scope of the tokens, as defined by the application protocol.”

From: Brian Campbell [mailto:bcampbell@pingidentity.com]
Sent: Thursday, March 2, 2017 5:44 AM
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Andrei Popov <Andrei.Popov@microsoft.com>; Leif Johansson <leifj@sunet.se>; unbearable@ietf.org
Subject: Re: [Unbearable] WGLC 3 on core documents

On Wed, Mar 1, 2017 at 4:43 PM, Martin Thomson <martin.thomson@gmail.com> wrote:

On 2 March 2017 at 08:21, Brian Campbell <bcampbell@pingidentity.com> wrote:
>> I believe there was some opposition to MUST, for deployments where the
>> client has knowledge of the cooperating servers. If nobody opposes a switch
>> to MUST, I think it may be a good change to make.
>
> Yes there's a desire for the allowance of different scoping rules for
> application protocols where there's already knowledge of the cooperating
> servers and/or correlatable info is already being sent in a token to
> different servers.

That's not an argument for SHOULD, that's an argument for flexibility in scoping rules, which you already have. Since the application protocol determines the scoping rules, you can let the MUST stand and define scoping rules for the application protocol that suit your needs.

Yes it's an argument for flexibility. My concern is with how the text might be interpreted. With the SHOULD to MUST change you're suggesting, it would say, "In order to prevent cooperating servers from linking user identities, different keys MUST be used by the client for connections to different servers, according to the token scoping rules of the application protocol."

And I worry that some will zero in on the "different keys MUST be used by the client for connections to different servers" and take it very literally (especially the "to different servers" part) and out of context of the rest of the sentence that qualifies it with respect to the application protocol token scoping rules. Maybe that worry is unfounded but having it be SHOULD felt like it helps give that flexibility. I take your point though.

What if it just said, "In order to prevent cooperating servers from linking user identities, different keys MUST be used by the client, according to the token scoping rules of the application protocol." taking the "different servers" bit out?
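The linking concern behind this wording debate, as an added illustration that is not part of the thread or of the Token Binding drafts: a toy client that keeps one Token Binding key per scope, two cooperating servers that compare the key IDs they observed, and a check for the proposed rule that a key's scope must not be broader than the token's scope. Scopes are modelled as sets of server names, and the keypair is replaced by a constructed random secret whose SHA-256 stands in for the public key a server would see; class and function names are this example's own assumptions.

```python
"""Model of Token Binding key scoping (added example, not from the drafts)."""
import hashlib
import os
from typing import Dict, FrozenSet

Scope = FrozenSet[str]  # set of servers a key or token is valid for


class TokenBindingClient:
    """Holds one Token Binding key per scope. The scope is whatever the
    application protocol's token scoping rules say, not simply 'one host'."""

    def __init__(self) -> None:
        self._keys: Dict[Scope, bytes] = {}

    def key_for_scope(self, scope: Scope) -> bytes:
        # Constructed stand-in for a keypair: a random 32-byte secret.
        if scope not in self._keys:
            self._keys[scope] = os.urandom(32)
        return self._keys[scope]

    def key_id_seen_by(self, server: str, scope: Scope) -> str:
        """What `server` learns from the TokenBinding message: the key ID
        (here a hash of the secret, playing the role of the public key)."""
        if server not in scope:
            raise ValueError(f"{server} is outside the key's scope")
        return hashlib.sha256(self.key_for_scope(scope)).hexdigest()


def key_scope_is_valid(key_scope: Scope, token_scope: Scope) -> bool:
    """The proposed rule: the key's scope MUST NOT be broader than the
    token's scope, i.e. every server the key is used with is one the
    token is meant for."""
    return key_scope <= token_scope


def servers_can_link(client: TokenBindingClient,
                     server_a: str, scope_a: Scope,
                     server_b: str, scope_b: Scope) -> bool:
    """Two cooperating servers compare the key IDs they observed; equal IDs
    let them link the same user across both services."""
    return (client.key_id_seen_by(server_a, scope_a)
            == client.key_id_seen_by(server_b, scope_b))
```

With per-server scopes the two servers observe unrelated key IDs; with one key spanning both servers they link the user, which is exactly the case the scoping rule rejects.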