Re: [Unbearable] Warren Kumari's No Objection on draft-ietf-tokbind-negotiation-12: (with COMMENT)

Warren Kumari <warren@kumari.net> Thu, 10 May 2018 16:46 UTC

To: Andrei.Popov@microsoft.com
Cc: The IESG <iesg@ietf.org>, draft-ietf-tokbind-negotiation@ietf.org, tokbind-chairs@ietf.org, John Bradley <ve7jtb@ve7jtb.com>, unbearable@ietf.org, "Liushucheng (Will)" <liushucheng@huawei.com>

On Wed, May 9, 2018 at 2:07 PM Andrei Popov <Andrei.Popov@microsoft.com>
wrote:

> Hi Warren,
>
> Thanks for the review. Will make the change suggested by Will Liu in the
> next revision.
>
> TLS 1.3 is sufficiently different that the TB WG decided to specify the
> use of TB with TLS 1.3 in a separate document.
>
> Cheers,
>

Okey dokey, WFM.
W

>
> Andrei
>
> -----Original Message-----
> From: Warren Kumari <warren@kumari.net>
> Sent: Wednesday, May 9, 2018 8:05 AM
> To: The IESG <iesg@ietf.org>
> Cc: draft-ietf-tokbind-negotiation@ietf.org; John Bradley <ve7jtb@ve7jtb.com>;
> tokbind-chairs@ietf.org; ve7jtb@ve7jtb.com; unbearable@ietf.org;
> liushucheng@huawei.com
> Subject: Warren Kumari's No Objection on
> draft-ietf-tokbind-negotiation-12: (with COMMENT)
>
> Warren Kumari has entered the following ballot position for
> draft-ietf-tokbind-negotiation-12: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
>
> https://datatracker.ietf.org/doc/draft-ietf-tokbind-negotiation/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Please also see Will LIU's OpsDir review here:
>
> https://datatracker.ietf.org/doc/review-ietf-tokbind-negotiation-10-opsdir-lc-liu-2017-12-04/
>
> It suggests a simple change which will remove confusion/ambiguity.
>
> The document says (in the Introduction):
> "The negotiation of the Token Binding protocol and key parameters in
> combination with TLS 1.3 and later versions is beyond the scope of this
> document."
>
> How hard would it be to make it work with TLS 1.3? Actually, what part of
> it doesn't already? (I'm guessing I'm missing something super-obvious)...
>

-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf