Re: [Unbearable] AD Review: draft-ietf-tokbind-protocol-15.txt
Andrei Popov <Andrei.Popov@microsoft.com> Mon, 09 October 2017 19:29 UTC
Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 181F3132949; Mon, 9 Oct 2017 12:29:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.02
X-Spam-Level:
X-Spam-Status: No, score=-2.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eGYLfRO_FQ_6; Mon, 9 Oct 2017 12:29:45 -0700 (PDT)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0132.outbound.protection.outlook.com [104.47.40.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66B1F1286C7; Mon, 9 Oct 2017 12:29:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=oBqiuL5GKMuYK6761ZVD8TJskIPb6huFLgQi/iu51i8=; b=ZrDH5zEYxHeHwoyotelnfwCs/KdTPJK0C4vc73DwuJtk32PwVCIk4EtYBvcJKyC0Xkx86X3Qb6d561pkeT5KlTtTk4xbCys5zmvpxS+q+zUcQn85xvHL3fAruimRHu8HgnJCGb6zQq0H+primu0/uWPbLANOzZsJGqKW9fY9j5I=
Received: from CY4PR21MB0120.namprd21.prod.outlook.com (10.173.189.14) by CY4PR21MB0758.namprd21.prod.outlook.com (10.173.192.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.156.0; Mon, 9 Oct 2017 19:29:43 +0000
Received: from CY4PR21MB0120.namprd21.prod.outlook.com ([10.173.189.14]) by CY4PR21MB0120.namprd21.prod.outlook.com ([10.173.189.14]) with mapi id 15.20.0156.001; Mon, 9 Oct 2017 19:29:43 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Eric Rescorla <ekr@rtfm.com>
CC: IETF Tokbind WG <unbearable@ietf.org>, "draft-ietf-tokbind-protocol@ietf.org" <draft-ietf-tokbind-protocol@ietf.org>
Thread-Topic: AD Review: draft-ietf-tokbind-protocol-15.txt
Thread-Index: AQHTP6TRt9yVMQ3hAEWvH3AdHSYtFaLbzabAgAAbDYCAAAEbQA==
Date: Mon, 09 Oct 2017 19:29:42 +0000
Message-ID: <CY4PR21MB0120ADBB603D41EA6626642A8C740@CY4PR21MB0120.namprd21.prod.outlook.com>
References: <CABcZeBNUx5=WaFv1FdSpCrUR_Cud_y3Z914J40zTezLmaHuuzQ@mail.gmail.com> <CY4PR21MB01206A90DB61E78720B790F68C740@CY4PR21MB0120.namprd21.prod.outlook.com> <CABcZeBOc5mYn2PeU6t0cTqbuec7dwwVxPP4geaMBW-dE5U2Hxg@mail.gmail.com>
In-Reply-To: <CABcZeBOc5mYn2PeU6t0cTqbuec7dwwVxPP4geaMBW-dE5U2Hxg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:e::4ca]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; CY4PR21MB0758; 6:tRpqXuCqHt6DftmURh9Nbd8wikm5C9oTTREwaK0wsg7gTsRoatbqTWvINbn1qyzsGjFEOOsIZauApl+9AyeuJX6S4gtML/3dgJ8vt6erbR+Ld5TCsvrGBobcijSsbIW97p8rykVD3DRnNupGTU0l0gb2Ce8j2LnRNYZ55mQWXRLwJtBLFPyh0k33Nq7mv4ckNxK48esxfF4e3KkExDz3vk1GPalR75HPe3Hnw9jB4HsaBOC4gh3gWJpHyBxurfBA0ZptqDDWRWv1sev4SEfk0D3Hs4Y/z2p9k7HuQJQ5r6res+SkYrnZ0SYSkW1KaUtt64Ir9n8/OFQt/etmvYL2rg==; 5:oCOwzn8aIYXujCLWTdFyZPCJXRsvf9pTBb2CBJHroNtNV8DVNpvlt++aBnC9eIkEkTV+Y3xfvO8x52uZXjj/0SgeNaCV5IxWXTk6V8OriBFSA4UvpW7hKnkK0xjbjmzkm81JhUwJAIHZdu1WLGLxyw==; 24:7oi+8itJsUPKPOKLA7ddYAOopN58sonxVVb4NeVn/6emcgQ8R/f4Jks9ky1Ez7h8t7AZ4eN7kWCopELHwCehYFbPM9GzTi7WOwIcal8WrLA=; 7:ebPCXJD4SisPlfkXamxxVECUGbao5sloxG4drg0uG+Degk/3nUr+klzmO7cgVR18hZslN449+fxo56nByyLOeOEq28F3pVHX2Jcxd76/9DJfjAgOIgqdy11+yGAW9KW2izh+6iAfMwZGrq8H+fk1MfljdhVBp7xDH/xN2p51K97bp6gxhMTcIs7+v5Fk14Rs1ouJ6qfro6QZwtcVWFJBkyB4bmUN/xm7InFexoTnJwc=
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: e362e880-bb1f-447a-e6fe-08d50f4c17cb
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254152)(48565401081)(2017052603199)(201703131423075)(201703031133081)(201702281549075); SRVR:CY4PR21MB0758;
x-ms-traffictypediagnostic: CY4PR21MB0758:
x-exchange-antispam-report-test: UriScan:(158342451672863)(278428928389397)(89211679590171)(192374486261705)(189930954265078)(100405760836317)(219752817060721)(21748063052155);
x-microsoft-antispam-prvs: <CY4PR21MB07581D99131B34D320BAD5678C740@CY4PR21MB0758.namprd21.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(61425038)(6040450)(2401047)(8121501046)(5005006)(100000703101)(100105400095)(93006095)(93001095)(3002001)(10201501046)(6055026)(61426038)(61427038)(6041248)(20161123555025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123562025)(20161123560025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY4PR21MB0758; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY4PR21MB0758;
x-forefront-prvs: 045584D28C
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(39860400002)(346002)(47760400005)(199003)(51444003)(43544003)(51914003)(189002)(50944005)(24454002)(377454003)(3280700002)(3660700001)(10090500001)(8936002)(53546010)(25786009)(478600001)(10290500003)(236005)(9686003)(53946003)(99286003)(6306002)(54896002)(55016002)(189998001)(72206003)(606006)(54356999)(86362001)(76176999)(50986999)(101416001)(86612001)(2906002)(19609705001)(14454004)(2900100001)(8990500004)(790700001)(6506006)(6116002)(7696004)(5660300001)(81156014)(81166006)(106356001)(229853002)(102836003)(105586002)(230783001)(2950100002)(6916009)(8676002)(7736002)(77096006)(22452003)(4326008)(6246003)(54906003)(966005)(53936002)(97736004)(33656002)(74316002)(6436002)(316002)(68736007)(579004)(559001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0758; H:CY4PR21MB0120.namprd21.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB0120ADBB603D41EA6626642A8C740CY4PR21MB0120namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e362e880-bb1f-447a-e6fe-08d50f4c17cb
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Oct 2017 19:29:43.1891 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0758
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/Av1h7AZejQ4sAqNiCctyfLt29r4>
Subject: Re: [Unbearable] AD Review: draft-ietf-tokbind-protocol-15.txt
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Oct 2017 19:29:50 -0000
Will rename, to help avoid confusion. Thanks, Andrei From: Eric Rescorla [mailto:ekr@rtfm.com] Sent: Monday, October 9, 2017 12:23 PM To: Andrei Popov <Andrei.Popov@microsoft.com> Cc: IETF Tokbind WG <unbearable@ietf.org>; draft-ietf-tokbind-protocol@ietf.org Subject: Re: AD Review: draft-ietf-tokbind-protocol-15.txt On Mon, Oct 9, 2017 at 10:49 AM, Andrei Popov <Andrei.Popov@microsoft.com<mailto:Andrei.Popov@microsoft.com>> wrote: Hi Eric, Thanks for the review. * Specifically can you verify that you intended to deviate from the TLS data structures? Yes, TB specs reuse the “TLS Presentation Language”, but we define our own data structures. Where the WG was not satisfied with the TLS-style formatting of values, we changed them. The formats we use are the result of prolonged discussions and represent the current WG consensus. OK, I've got no problem with that as long as it's intentional TLS WG RFCs define a lot of generic names such as “ECPoint”. I felt at liberty to redefine them in a different protocol spec produced by a different WG. If you think this is a bad idea, I don’t mind renaming, e.g., “TB_ECPoint”. Should I go ahead and rename? I think that would be better, but I could live without if you think it's really bad. Minimally I think you need to call it out in the text, though. -Ekr Cheers, Andrei From: Eric Rescorla [mailto:ekr@rtfm.com<mailto:ekr@rtfm.com>] Sent: Saturday, October 7, 2017 12:45 PM To: IETF Tokbind WG <unbearable@ietf.org<mailto:unbearable@ietf.org>>; draft-ietf-tokbind-protocol@ietf.org<mailto:draft-ietf-tokbind-protocol@ietf.org> Subject: AD Review: draft-ietf-tokbind-protocol-15.txt A rich version of this review can be found at: https://mozphab-ietf.devsvcdev.mozaws.net/D48<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249789390&sdata=W856D6FDlIXeYngiYusDRBDzFzkZ3KoCpYqfyojmtqo%3D&reserved=0> 1. If you make an account and login, you can respond to the comments and we can try to resolve them before you produce a new draft. 2. When you're ready to produce a new draft, you can either upload it to the draft repo or send me the pre-draft and either way I'll take care of getting it uploaded here, so we can see diffs, etc. This document seems like it is in fairly good shape. See below for comments. Specifically can you verify that you intended to deviate from the TLS data structures? INLINE COMMENTS View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-307&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249789390&sdata=hVf1650fx3r7Lnbgh32L25JUwx4FnlwQUMEswd0gFGk%3D&reserved=0>draft-ietf-tokbind-protocol.txt:111 with the private key. The corresponding public key is included in the Token Binding identifier structure (described in the Section 3.2 "TokenBinding.tokenbindingid"). Token Bindings are long-lived, i.e., the rest of this would be clear if you said "Token Binding ID" here. View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-306&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249789390&sdata=lKU4dIN5S4JiWFHTBjw2wHIzB%2BdFeFjQbGB0fuh3Zj0%3D&reserved=0>draft-ietf-tokbind-protocol.txt:114 they encompass multiple TLS connections and TLS sessions between a given client and server. To protect privacy, Token Binding IDs are never conveyed over insecure connections and can be reset by the user Can you clarify that while the TB is long-lived, the PoP needs to be refreshed at least as often as you do a full TLS handshake. View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-308&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249789390&sdata=ctlvGcCUAo4MxrWonLJPyiI6%2FU1g%2FVhWSkpBfG23QXY%3D&reserved=0>draft-ietf-tokbind-protocol.txt:121 cryptographic hash) in the token. Later on, when a client presents a security token containing a Token Binding ID, the server ensures the ID in the token matches the ID of the Token Binding established with I would say "verifies that" View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-309&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249789390&sdata=PUHGJWU4gXOlvRhShnXDtP6VMgcJ%2FOd7RoTOb3gepik%3D&reserved=0>draft-ietf-tokbind-protocol.txt:209 opaque point <1..2^8-1>; } ECPoint; ECPoint also exists in RFC 4492, but with different semantics. You should rename. View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-310&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249789390&sdata=WuHbRliA%2FMT7fDeLF9PANvQSipnX%2B8HHosNHynuX%2Fcw%3D&reserved=0>draft-ietf-tokbind-protocol.txt:231 opaque extension_data<0..2^16-1>; } Extension; IMPORTANT: this definition conflicts with the RFC5246 Extension type, so you should rename it, thus allowing a merged grammar. View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-311&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249789390&sdata=44FpSI29Z2%2FOvrzotVZsS4KuD%2FUTbjnehNoEW2Dgzq8%3D&reserved=0>draft-ietf-tokbind-protocol.txt:240 TokenBindingID tokenbindingid; opaque signature<0..2^16-1>; /* Signature over the concatenation of tokenbinding_type, Does 0 bytes make sense here View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-317&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249789390&sdata=yQiqrG9E9kg9ysxZxb021uA1BvVWn%2Bz5rdBezYsPYbk%3D&reserved=0>draft-ietf-tokbind-protocol.txt:249 TokenBinding tokenbindings<0..2^16-1>; } TokenBindingMessage; This zero seems wrong, as you require at least one TokenBinding structure and those cannot be zero length. View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-313&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249789390&sdata=Aiu9X1ySApS6NLsMh%2BjUeaqq3TFHrxKZ6bl2h%2B2aSX8%3D&reserved=0>draft-ietf-tokbind-protocol.txt:264 o referred_token_binding - used when requesting tokens that are intended to be presented to a different server. Requesting? View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-324&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249789390&sdata=m4gKe%2FdyEYA3ojgkU5Xn%2BxUWw2lPrQhsVGIA%2Bm95VUo%3D&reserved=0>draft-ietf-tokbind-protocol.txt:275 referred_token_binding. Such a bound token enjoys the protections discussed below in Section 7 "Security Considerations". IMPORTANT: This does not appear to be the case. Did the text go missing? In general, this referred case seems fairly confusing and needs more explication in this document. View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-314&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249789390&sdata=P%2FHkbEIHSyrFl5hhw5T3XkvJhZphC1emZOfMm0ICqk4%3D&reserved=0>draft-ietf-tokbind-protocol.txt:282 parameters, the length (in bytes) of the Token Binding public key, and the Token Binding public key itself. Token Binding ID can be obtained from the TokenBinding structure by discarding the Token Nit: "The Token Binding ID" View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-315&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249789390&sdata=TzjkrJWQIH44w9HVNk5efwsNgRbCJdKgyMnTyUVIUuI%3D&reserved=0>draft-ietf-tokbind-protocol.txt:296 define Token Binding keys using other elliptic curves with their corresponding signature and point formats. IMPORTANT: As read, this is a different format than that in RFC 4492, because it does not include the type field required by X9.62. I have two comments about this: 1. It seems unwise to use a different format than TLS. Was that intentional? 2. If the WG has consensus to do so, that should be called out very clearly. View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-316&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249789390&sdata=QOLWnvph%2BZvVLXBubWOChrBEZGC3ZxUhyApYg9P%2B7NQ%3D&reserved=0>draft-ietf-tokbind-protocol.txt:319 [FIPS.186-4.2013]. R and S are encoded in big-endian format, preserving any leading zero bytes. IMPORTANT: This is also a different format than that specified in RFC 4492. See the above comments. View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-318&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249799398&sdata=4i%2BpvrB7mEjtfvTPXtcxCBUJplqS2stDLTEnJ5o%2BJQg%3D&reserved=0>draft-ietf-tokbind-protocol.txt:394 keys MUST NOT be broader than the scope of the tokens, as defined by the application protocol. I find this a little hard to read. I think what you're saying is that (for instance) in HTTP you need to scope the key no more widely than the cookie? View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-319&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249799398&sdata=fmKe9GW%2Fk2O9yIMmDzGrqHRDtT7VpxBtD3cfW2gBSI8%3D&reserved=0>draft-ietf-tokbind-protocol.txt:455 be rejected by the server. The effect of this is application- specific, e.g. failing requests, a requirement for the client to re- authenticate and present a different token, or connection Nit: "e.g." has a comma after it. View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-320&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249799398&sdata=VcQfStUVKadYgd4ejNEQCgM9XTlb0vA5dpxhUY5F0rU%3D&reserved=0>draft-ietf-tokbind-protocol.txt:462 Security tokens can be bound to the TLS layer in a variety of ways: by embedding the Token Binding ID or its cryptographic hash in the token, or by maintaining a database mapping tokens to Token Binding This isn't a binding to the TLS layer but rather a binding to the Token ID, I think. View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-321&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249799398&sdata=k0jq%2BZuyjs%2BCBMDVhpiccoysluaHGrQWFZUG4zmvQjA%3D&reserved=0>draft-ietf-tokbind-protocol.txt:514 An initial set of registrations for this registry follows: These registration lists would benefit from some judicious whitespace. E.g., Value: 0 Description: rsa2048_pkcs1.5 Specification: this document Value: 1 Or alternately: Value: 0 Description: rsa2048_pkcs1.5 Specification: this document Value: 1 View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-322&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249799398&sdata=sSVc%2FMe8FiUVAgqTUcW9Curq%2FN7q1y2EamFpUCdJVIg%3D&reserved=0>draft-ietf-tokbind-protocol.txt:615 The manner in which a token is bound to the TLS layer is application- defined and beyond the scope of this document. However, the resulting bound token needs to be integrity-protected, so that an This doesn't seem right: the binding is provide by the EKM signature. View Inline<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48%23inline-323&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249799398&sdata=OEhVCzPI%2BunT0vcn6szxljRHSUmn0nXR17xVjQ5MIYg%3D&reserved=0>draft-ietf-tokbind-protocol.txt:643 mode where they don't store or use tokens supplied by the server, e.g. "in private" browsing. When operating in this special privacy mode, applications SHOULD use newly generated Token Binding keys and Nit: "e.g." has a comma after it. REPOSITORY rIETFREVIEW ietf-review REVISION DETAIL https://mozphab-ietf.devsvcdev.mozaws.net/D48<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2FD48&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249799398&sdata=IiVTCIVdUTRA2kZaWBlXbc2iEvdDpjPa7DQQp7O2szg%3D&reserved=0> EMAIL PREFERENCES https://mozphab-ietf.devsvcdev.mozaws.net/settings/panel/emailpreferences/<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmozphab-ietf.devsvcdev.mozaws.net%2Fsettings%2Fpanel%2Femailpreferences%2F&data=02%7C01%7CAndrei.Popov%40microsoft.com%7C37e312945a6b4933d22608d50dbbf2e8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636430023249799398&sdata=funLgRZntFDjz%2FQT%2Bg5YC%2Bm%2Br8y1IXOQ2RiSPd4lX0M%3D&reserved=0> To: ekr-moz, ekr
- [Unbearable] AD Review: draft-ietf-tokbind-protoc… Eric Rescorla
- Re: [Unbearable] AD Review: draft-ietf-tokbind-pr… John Bradley
- Re: [Unbearable] AD Review: draft-ietf-tokbind-pr… Andrei Popov
- Re: [Unbearable] AD Review: draft-ietf-tokbind-pr… Eric Rescorla
- Re: [Unbearable] AD Review: draft-ietf-tokbind-pr… Andrei Popov