Re: [Unbearable] Alexey Melnikov's Discuss on draft-ietf-tokbind-negotiation-12: (with DISCUSS and COMMENT)

Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Wed, 09 May 2018 23:00 UTC

Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3769127867; Wed, 9 May 2018 16:00:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0GVVxvKNUtRc; Wed, 9 May 2018 16:00:28 -0700 (PDT)
Received: from mail-yb0-x22c.google.com (mail-yb0-x22c.google.com [IPv6:2607:f8b0:4002:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC6DB1200A0; Wed, 9 May 2018 16:00:28 -0700 (PDT)
Received: by mail-yb0-x22c.google.com with SMTP id f3-v6so55912ybg.13; Wed, 09 May 2018 16:00:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=DToM8IGab8o6TkMlGE2y9h7CPR6Jx69dwWeqwmCPMpA=; b=ehRVZs/JGVoKv+sDhCd5ap+wqZUhe2of/spfWGmcLd79reicL7LyOj3fIMOFEG8WJX yu9gz0v/IMUzoDpENQBSGsJU5mimjKAM2yfWIkuYStNfwxjmc4Fw3ykeO9GqAWwvySjW djRR/Elev7mueax8QC8RSE9HNWwJQ6HzayziR2sN3zqck2bWMCjGWkJAe7m7mVlduVUV KB2dIW4JcrohsNPq6wSXenHZ80O4hBumzsZQbpk0AXuq5Hj1Nh73ZZ7G9v8DGl68n9+Q Ww4OovhI764gogKrWon5Mw9zZkm+keSaLAz/Ehv9tgtwrxd6PFQVBoFu6cxhB3Ar9Qzf pKdw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=DToM8IGab8o6TkMlGE2y9h7CPR6Jx69dwWeqwmCPMpA=; b=Ld5IuBgYjCr2Q9f9FC2IR4FKHJjtJ6T7ZokKq3VD2GoPzqpzxgwWBMEcGgRoQGQtV5 VAsuLJ911+y9RxaCVTs8tIO9xVUMZJB7xCnMlzG1KT6st9jFeXmfgN+6bZ9IF2rvWqGh C0PoCAJR4WxGEHje7mcaJoRRb5y2p/7cQzClM7fUTkJi+5NPWIe/eQ2tdHRDlSRtX5bO x+vdHstwRIWNGaRwE0gmcqJd/40DGPV6r8FmY/lakh7gziP4Ogc+oI2cgpyLed3kkxwU ospfcOGsSomjf2MroZGYqvOBYqZr6X7aPCW3Dfxm8500UmyS8fIQrzKaTbAJNu0Ka+Qe 3JTw==
X-Gm-Message-State: ALQs6tCDWD0bl3a0e/aNsTM97Z7jz5E09WuH+7JKavAWxkD+Mf1+bpMR 7YQM+X8RdmxWARyaASx1U9UPZmmRho75Pq8nOYg=
X-Google-Smtp-Source: AB8JxZqR6+Zo+BWQ2ENbuodbxmfw5R2G8FjjP0RpKQe299U0rYDiVpgZ5DZdAajgHd/Fpop1INc1xkKQhHT2DCnVQow=
X-Received: by 2002:a25:e08:: with SMTP id 8-v6mr22029461ybo.71.1525906827652; Wed, 09 May 2018 16:00:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a25:d014:0:0:0:0:0 with HTTP; Wed, 9 May 2018 16:00:27 -0700 (PDT)
In-Reply-To: <DM5PR21MB05070DBF7858604599D2A14A8C990@DM5PR21MB0507.namprd21.prod.outlook.com>
References: <152562063795.26840.1916104340550306942.idtracker@ietfa.amsl.com> <DM5PR21MB0507C39C1A09C13C32385F2F8C9B0@DM5PR21MB0507.namprd21.prod.outlook.com> <1525879084.3938368.1366298224.73E1E829@webmail.messagingengine.com> <DM5PR21MB05070DBF7858604599D2A14A8C990@DM5PR21MB0507.namprd21.prod.outlook.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Wed, 9 May 2018 18:00:27 -0500
Message-ID: <CAKKJt-e2-JBNdX6uA4b+HV62-WCM7JBfOcugCFqEmUfCz16MDw@mail.gmail.com>
To: Andrei Popov <Andrei.Popov@microsoft.com>
Cc: Alexey Melnikov <aamelnikov@fastmail.fm>, The IESG <iesg@ietf.org>, "ve7jtb@ve7jtb.com" <ve7jtb@ve7jtb.com>, "draft-ietf-tokbind-negotiation@ietf.org" <draft-ietf-tokbind-negotiation@ietf.org>, "unbearable@ietf.org" <unbearable@ietf.org>, "tokbind-chairs@ietf.org" <tokbind-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006c37ad056bcddeec"
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/QrceVoljiLBx2oO0rMSDAsd4EJo>
Subject: Re: [Unbearable] Alexey Melnikov's Discuss on draft-ietf-tokbind-negotiation-12: (with DISCUSS and COMMENT)
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2018 23:00:32 -0000

FWIW,

On Wed, May 9, 2018 at 1:19 PM, Andrei Popov <Andrei.Popov@microsoft.com>
wrote:

> Hi Alexey,
>
> > I urge the WG to think about extensibility now, as opposed to deciding
> later. Both TLS and HTTP specifications put much more thoughts into
> versionning.
> The Token Binding protocol is extensible in multiple ways:
> 1. New algorithms can be introduced by defining new TB key parameters;
> 2. TB protocol supports extensions;
> 3. TB protocol has a version negotiation mechanism.
>
> > If you don't need generic extensibility (you already have ability to
> support different private key types), then maybe you don't need the version
> field at all.
> > You can just get a new TLS extension number if you need some
> incompatible changes.
> Both of these options were discussed at length in the WG, over the years,
> and rejected in favor of the current version negotiation mechanism.
> IMHO it would be unfortunate to renegotiate WG consensus at this point in
> the process.
>

This isn't my Discuss, but I'm responsible for a working group that has
spent a lot of time and electrons defining exactly what major numbers,
minor numbers, and extensions are, and how you know you need to increment
each one of them.

If you folks think you all understand and agree on the details, awesome,
but if you're not sure that's true, this is a great time to figure that
out.

(And I'm a No Objection in any case, so do the right thing)

Spencer (who is thinking of https://datatracker.ietf.org/doc/rfc8178/, for
what THAT'S worth)


> Thanks,
>
> Andrei
>
> -----Original Message-----
> From: Alexey Melnikov <aamelnikov@fastmail.fm>
> Sent: Wednesday, May 9, 2018 8:18 AM
> To: Andrei Popov <Andrei.Popov@microsoft.com>; The IESG <iesg@ietf.org>
> Cc: ve7jtb@ve7jtb.com; draft-ietf-tokbind-negotiation@ietf.org;
> unbearable@ietf.org; tokbind-chairs@ietf.org
> Subject: Re: Alexey Melnikov's Discuss on draft-ietf-tokbind-negotiation-12:
> (with DISCUSS and COMMENT)
>
> Hi Andrei,
>
> On Mon, May 7, 2018, at 8:06 PM, Andrei Popov wrote:
> > Hi Alexey,
> >
> > Thanks for reviewing the specs, I appreciate your comments.
> >
> > > What is the significance of "major" and "minor" versions?
> > There is no normative significance; the version value is split into
> > two parts for convenience of discussion only, so that we can talk
> > about versions such as 0.10, 0.13, 1.0, etc.
>
> I am tempted to suggest that you should replace it with a single unsigned
> 16bit, as "major" doesn't mean anything
>
> > > Any rules on what kind of changed would require increment of the
> "major" version.
> > > Any restrictions on what must remain the same when the "major" (or
> "minor") version gets incremented?
> > We have no such rules; it is common to increment the "major" protocol
> > version when "significant" changes happen, but this is up to future
> > protocol specs to define.
>
> I urge the WG to think about extensibility now, as opposed to deciding
> later. Both TLS and HTTP specifications put much more thoughts into
> versionning.
>
> If you don't need generic extensibility (you already have ability to
> support different private key types), then maybe you don't need the version
> field at all. You can just get a new TLS extension number if you need some
> incompatible changes. (Or to ask it in another way: do you just have the
> version number field to work around strict TLS extension code point
> allocation rules?)
>
> > > Any requirements on backward compatibility when only the "minor"
> version is incremented?
> > There is no backward compatibility between different Token Binding
> > protocol versions, regardless of which component of TB_ProtocolVersion
> > changes.
> >
> > > Wouldn't be better to point to the IANA registry established by
> [I-D.ietf-tokbind-protocol]?
> > Indeed, it may be better to say something like "[I-D.ietf-tokbind-
> > protocol] establishes an IANA registry for Token Binding key parameters"
> > or something to this effect.
> > I'll try to wordsmith this.
>
> Yes, this sounds good.
>
> Best Regards,
> Alexey
>
> > Cheers,
> >
> > Andrei
> >
> > -----Original Message-----
> > From: Alexey Melnikov <aamelnikov@fastmail.fm>
> > Sent: Sunday, May 6, 2018 8:31 AM
> > To: The IESG <iesg@ietf.org>
> > Cc: draft-ietf-tokbind-negotiation@ietf.org; John Bradley
> > <ve7jtb@ve7jtb.com>; tokbind-chairs@ietf.org; ve7jtb@ve7jtb.com;
> > unbearable@ietf.org
> > Subject: Alexey Melnikov's Discuss on draft-ietf-tokbind-negotiation-12:
>
> > (with DISCUSS and COMMENT)
> >
> > Alexey Melnikov has entered the following ballot position for
> > draft-ietf-tokbind-negotiation-12: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut
> > this introductory paragraph, however.)
> >
> >
> > Please refer to
> > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.i
> > etf.org%2Fiesg%2Fstatement%2Fdiscuss-criteria.html&data=02%7C01%7CAndr
> > ei.Popov%40microsoft.com%7C59e09351f0fe4b2fb9ac08d5b366524f%7C72f988bf
> > 86f141af91ab2d7cd011db47%7C1%7C1%7C636612174409112174&sdata=LDU%2F%2FE
> > r7lCYt0gm0yExDVINW1DGJh5S5cJJRv%2FRULQY%3D&reserved=0
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatat
> > racker.ietf.org%2Fdoc%2Fdraft-ietf-tokbind-negotiation%2F&data=02%7C01
> > %7CAndrei.Popov%40microsoft.com%7C59e09351f0fe4b2fb9ac08d5b366524f%7C7
> > 2f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C636612174409112174&sdata=ka1
> > kQLpRehbQmXHtxHj73cqfGsRw1Axvk%2BS%2BjkbOatQ%3D&reserved=0
> >
> >
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > I will be switching to "Yes" once one issue mentioned below is discussed:
> >
> > I would like to have a quick discussion about your versionning model:
> >
> >    struct {
> >        uint8 major;
> >        uint8 minor;
> >    } TB_ProtocolVersion;
> >
> > What is the significance of "major" and "minor" versions?
> > Any rules on what kind of changed would require increment of the "major"
> > version. Any restrictions on what must remain the same when the
> > "major" (or
> > "minor") version gets incremented? Any requirements on backward
> > compatibility when only the "minor" version is incremented?
> >
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > In Section 2:
> >
> >    "key_parameters_list" contains the list of identifiers of the Token
> >    Binding key parameters supported by the client, in descending order
> >    of preference.  [I-D.ietf-tokbind-protocol] defines an initial set of
> >    identifiers for Token Binding key parameters.
> >
> > Wouldn't be better to point to the IANA registry established by [I-
> > D.ietf-tokbind-protocol]?
> > My concern is that you might be misleading implementors into not
> > looking there.
> >
> >
>