[Unbearable] Benjamin Kaduk's Yes on draft-ietf-tokbind-protocol-18: (with COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Thu, 10 May 2018 12:20 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: unbearable@ietf.org
Delivered-To: unbearable@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1])
by ietfa.amsl.com (Postfix) with ESMTP id B8E1D120454;
Thu, 10 May 2018 05:20:31 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk <kaduk@mit.edu>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-tokbind-protocol@ietf.org, John Bradley <ve7jtb@ve7jtb.com>,
tokbind-chairs@ietf.org, ve7jtb@ve7jtb.com, unbearable@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.80.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152595483174.10442.10462674758027265217.idtracker@ietfa.amsl.com>
Date: Thu, 10 May 2018 05:20:31 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/HWTNtqy5J3snFld14O8KsMKmL_Q>
Subject: [Unbearable] Benjamin Kaduk's Yes on
draft-ietf-tokbind-protocol-18: (with COMMENT)
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "\"This list is for discussion of proposals for doing better than
bearer tokens \(e.g. HTTP cookies,
OAuth tokens etc.\) for web applications. The specific goal is chartering a WG
focused on preventing security token export and replay attacks.\""
<unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>,
<mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>,
<mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2018 12:20:32 -0000
Benjamin Kaduk has entered the following ballot position for draft-ietf-tokbind-protocol-18: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-tokbind-protocol/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Section 2 When a server supporting the Token Binding protocol receives a bound token, the server compares the Token Binding ID in the token with the Token Binding ID established with the client. If the bound token came from a TLS connection without a Token Binding, or if the Token Binding IDs do not match, the token is rejected. "came from" is perhaps a bit ambiguous; I'd suggest "is received on" instead. Section 3.3 The need for synchronization between application+token-binding and the TLS stack (around renegotiation) is real, but is also potentially really hard. Can we get some guidance on how to not screw it up? Section 3.4 An implementation MUST ignore any unknown Token Binding types. This is the section on extensions; do we mean to say that unknown extension types are to be ignored? (If we do, it would seem to duplicate a line in Section 4.2.) Section 4.1 The client MUST include at least one TokenBinding structure in the Token Binding message. The key parameters used in the provided_token_binding MUST match those negotiated with the server (e.g., via [I-D.ietf-tokbind-negotiation] or a different mechanism). This seems to imply but not specifically state that the mandatory TokenBinding is of type provided_token_binding. Changing "the" to "this" in the second line would subtly sneak this in, but it's probably better to also explicitly say "of type provided_token_binding" in the first sentence. Section 4.2 I would suggest adding a pargaraph break between the sentences in If the use of the Token Binding protocol was not negotiated, but the client sends the Token Binding message, the server MUST reject any contained bindings. If the Token Binding type is "provided_token_binding", the server MUST verify that the signature algorithm (including elliptic curve in the case of ECDSA) and key length in the Token Binding message match those negotiated with this client (e.g., via [I-D.ietf-tokbind-negotiation] or a different mechanism). If a Token Binding is rejected, any associated bound tokens MUST also be rejected by the server. [...] Is "associated" scoped to "presented on the current TLS connection" or a more global property? (I understand that the association could be either via direct embedding of ID in token or via an external database mapping.) Section 6.1 This policy sounds more like "Specification Required" than "Expert Review" (the former still includes expert review).
- [Unbearable] Benjamin Kaduk's Yes on draft-ietf-t… Benjamin Kaduk
- Re: [Unbearable] Benjamin Kaduk's Yes on draft-ie… Andrei Popov