[Unbearable] Benjamin Kaduk's Yes on draft-ietf-tokbind-negotiation-13: (with COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Thu, 10 May 2018 12:45 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: unbearable@ietf.org
Delivered-To: unbearable@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AED8C120454; Thu, 10 May 2018 05:45:19 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk <kaduk@mit.edu>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-tokbind-negotiation@ietf.org, John Bradley <ve7jtb@ve7jtb.com>, tokbind-chairs@ietf.org, ve7jtb@ve7jtb.com, unbearable@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.80.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <152595631970.10267.10188172038443610412.idtracker@ietfa.amsl.com>
Date: Thu, 10 May 2018 05:45:19 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/QTFMOaAxHNZ4BUbFEixJwUS4fbg>
Subject: [Unbearable] Benjamin Kaduk's Yes on draft-ietf-tokbind-negotiation-13: (with COMMENT)
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.22
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2018 12:45:20 -0000
Benjamin Kaduk has entered the following ballot position for draft-ietf-tokbind-negotiation-13: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-tokbind-negotiation/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I agree with Adam and Warren's comments. The point already made about version negotiation has a corollary that if the client sends a dense list of versions, then the server will know decisively that a specific version has (or has not) been negotiated, and can rely on that at the application layer. When the client can receive an unsupported version back from the server, the client will not use token binding and the server has to infer from the client's application-layer traffic whether token binding is expected to be in use. (Whether or not this is a desired or useful property to have is not necessarily clear.) Section 4 the client advertises, then the server MUST NOT include "token_binding" extension in the server hello. Nit: """the "token_binding" extension""" Section 6.1 The Token Binding protocol version and key parameters are negotiated via "token_binding" extension within the TLS handshake. [...] Nit: """the "token_binding" extension". (Also at the end of this paragraph.) [...] TLS prevents active attackers from modifying the messages of the TLS handshake, therefore it is not possible for the attacker to remove or modify the "token_binding" extension. I wonder if we want to explicitly say *successful* TLS handshakes, but given the context in the main protocol document it's probably not necessary.
- [Unbearable] Benjamin Kaduk's Yes on draft-ietf-t… Benjamin Kaduk
- Re: [Unbearable] Benjamin Kaduk's Yes on draft-ie… Andrei Popov