IETF Logo Mail Archive

Re: [Unbearable] Ben Campbell's Yes on draft-ietf-tokbind-negotiation-12: (with COMMENT)

Eric Rescorla <ekr@rtfm.com> Wed, 09 May 2018 21:05 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CA6412DA72 for <unbearable@ietfa.amsl.com>; Wed, 9 May 2018 14:05:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.609
X-Spam-Level:
X-Spam-Status: No, score=-2.609 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, T_DKIMWL_WL_MED=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nJOlc95Uahog for <unbearable@ietfa.amsl.com>; Wed, 9 May 2018 14:05:44 -0700 (PDT)
Received: from mail-oi0-x233.google.com (mail-oi0-x233.google.com [IPv6:2607:f8b0:4003:c06::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAFF812DB6D for <unbearable@ietf.org>; Wed, 9 May 2018 14:05:41 -0700 (PDT)
Received: by mail-oi0-x233.google.com with SMTP id w123-v6so23810192oia.4 for <unbearable@ietf.org>; Wed, 09 May 2018 14:05:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Y134SiuuIGPDoe3CvWxACCn72QRM9TZFKEWPsXcwRKo=; b=CjZpYJCBO0JoQqZ3Z8iQKxT5ieQSvWuMv0q812m5W8PA+8pVxcelX+qSBYVfd+Geyb /+I3tOC171cfjGrpPo1Bau8gPy0/FOztaE8raHqG0Cuq0WoM3hR/owcPNonew8OYcSEU ouJoRmORqeWhGlg+4U7/xf6D9LtdKQ/cOUlrTAWQJ5oe4GhgapR3jx7+M2LMalxZqOi/ vwYPcW0F1mnKHjhGh1JBBlZYg40dPc/2bmMON7r8RU1toN3M0IWis1nnYSfER23Pg9W9 py0bRJ0Q/rXp98MDo7G/ZoYxc8WdhVSuFzMUSNIphwsUurqI5QUO0gMKKoBmGy1pALSZ Y9zA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Y134SiuuIGPDoe3CvWxACCn72QRM9TZFKEWPsXcwRKo=; b=XZ0GQkUsC0HLrRNC6XWcMaiFrOCX6WZ5dqEJZJpPTl6nzajvgdJF6duWcIVaSyKGjf M0P9HnPCv1JO9QdBwBfgYh8/yxVDOcp71xfKxpkxGHOxEedhK09EVHfE1tok+JhAy0Wr sw8T5I6tZOUidUSsNmEqjaa9wc9kOY//sGJXiwRTjbIkHAKSh4t1JgN2TyEX+vAnJf// Huoi9PhfFGMWIr5ouaex6Bknm/TySLHRMgoTMGqnf0wDYABLH9PPY/1SdyWJkFIWGr85 x5nS3AETcqmnyF/w4ByZUOs8iGdbjaO/51qKL4mB+8+cvv6kuJ0MSrO1B4bQtPjsVqQS /G3A==
X-Gm-Message-State: ALQs6tCGHMoxMKVy55GymuqZoRyTIeYUigxymoJjWMaSEntVschwR9Yc 1jPL298LZkr4aDxUEra4x4Bi7EznP02ueBYVKkARiA==
X-Google-Smtp-Source: AB8JxZopAD/Q/D389j4t/BChr89FdbBqMTxjw4rYW4tp9eycWBTb3/GD0bBZVp8Y6dFRlQE43nVYBBEfdd+1XcwklIs=
X-Received: by 2002:aca:3cc1:: with SMTP id j184-v6mr31091371oia.91.1525899940969; Wed, 09 May 2018 14:05:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.201.118.130 with HTTP; Wed, 9 May 2018 14:05:00 -0700 (PDT)
In-Reply-To: <152589634849.4060.1233669853296271255.idtracker@ietfa.amsl.com>
References: <152589634849.4060.1233669853296271255.idtracker@ietfa.amsl.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 09 May 2018 14:05:00 -0700
Message-ID: <CABcZeBM+u7xCCTrhnua8+SRZM6ruEBMgiew42FdiiN-=8tZryQ@mail.gmail.com>
To: Ben Campbell <ben@nostrum.com>
Cc: The IESG <iesg@ietf.org>, John Bradley <ve7jtb@ve7jtb.com>, draft-ietf-tokbind-negotiation@ietf.org, IETF Tokbind WG <unbearable@ietf.org>, tokbind-chairs@ietf.org
Content-Type: multipart/alternative; boundary="000000000000f1d8fd056bcc4391"
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/Mzthp_f_z9W0iZQwEzJgBwiArIE>
Subject: Re: [Unbearable] Ben Campbell's Yes on draft-ietf-tokbind-negotiation-12: (with COMMENT)
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2018 21:05:45 -0000

On Wed, May 9, 2018 at 1:05 PM, Ben Campbell <ben@nostrum.com> wrote:

> Ben Campbell has entered the following ballot position for
> draft-ietf-tokbind-negotiation-12: Yes
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-tokbind-negotiation/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thanks for this document. I am balloting "yes", but have a few comments:
>
> - I support Alexey's DISCUSS. Additionally, do I understand the version
> negotiation to require the client to support all previous version from the
> one
> it initially advertises? If so, how would you deprecate a version at some
> time
> in the future?
>

You can't do it in the CH. The assumption is that the server will pick the
highest
common version in the SH and if you don't support that, you abort.

-Ekr

v2.23.0 | Report a Bug | By Email