Re: [Unbearable] Alexey Melnikov's No Objection on draft-ietf-tokbind-negotiation-13: (with COMMENT)

Andrei Popov <Andrei.Popov@microsoft.com> Fri, 11 May 2018 01:17 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
CC: Alexey Melnikov <aamelnikov@fastmail.fm>, The IESG <iesg@ietf.org>, "ve7jtb@ve7jtb.com" <ve7jtb@ve7jtb.com>, "draft-ietf-tokbind-negotiation@ietf.org" <draft-ietf-tokbind-negotiation@ietf.org>, "unbearable@ietf.org" <unbearable@ietf.org>, "tokbind-chairs@ietf.org" <tokbind-chairs@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/0KbgufBA3uV5oFt4avsPg1rmouM>

Hi, Spencer,

Correct, there is no special treatment of major/minor version octets in the Token Binding protocol.
No presumption of interoperability between clients and servers that support different “minor” versions.
(Similarly, a client that only supports TLS 1.1 cannot connect to a server that only supports TLS 1.2.)
No requirement to support previous “minor” versions.

But it has been convenient to use versions 0.<draft revision> for TB Internet-Draft implementations.
It also seems intuitive that the first standard version will be 1.0.

Cheers,

Andrei
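The versioning rule stated above (the two octets carry no special meaning, a version is matched as a whole, and nothing about a shared "major" number implies interoperability) can be made concrete. The following is an added example, not code from the draft or from anyone in this thread. It encodes and decodes the two-octet `TB_ProtocolVersion` struct, orders versions as plain `(major, minor)` pairs, and treats two endpoints as interoperable only on an exact match. The `select_version` helper, in which a server picks the highest version it implements that is not above the client's offer, is an illustrative assumption about negotiation and is not quoted from the draft; the sample versions 0.10 and 0.13 are constructed in the `0.<draft revision>` style mentioned above.

```python
"""Token Binding TB_ProtocolVersion as two plain octets (added example).

Models the rule from the thread: "major" and "minor" are human labels only,
versions compare as a whole, and a client and server interoperate only when
both implement the very same version.  select_version() encodes an assumed
negotiation rule for illustration; it is not text from the draft.
"""
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True, order=True)
class TBProtocolVersion:
    """Mirrors struct { uint8 major; uint8 minor; } TB_ProtocolVersion.

    order=True compares instances as the tuple (major, minor), i.e. the two
    octets taken together as one number, with no special role for either.
    """
    major: int
    minor: int

    def __post_init__(self) -> None:
        for octet in (self.major, self.minor):
            if not 0 <= octet <= 255:
                raise ValueError("TB_ProtocolVersion octets must fit in uint8")

    def encode(self) -> bytes:
        # Wire form is exactly the two octets, major first.
        return bytes((self.major, self.minor))

    @classmethod
    def decode(cls, data: bytes) -> "TBProtocolVersion":
        # Reject anything other than exactly two octets rather than guessing.
        if len(data) != 2:
            raise ValueError("TB_ProtocolVersion is exactly 2 octets")
        return cls(data[0], data[1])

    def __str__(self) -> str:
        return f"{self.major}.{self.minor}"


def interoperable(a: TBProtocolVersion, b: TBProtocolVersion) -> bool:
    """Exact match only: no presumption that 0.10 and 0.13 can talk."""
    return a == b


def select_version(
    client_offer: TBProtocolVersion,
    server_supported: Iterable[TBProtocolVersion],
) -> Optional[TBProtocolVersion]:
    """Assumed negotiation rule (illustration, not from the draft).

    The server answers with the highest version it actually implements that
    is not above what the client offered, or None if it implements nothing
    the client could accept.  Because the result is always a version the
    server implements, a shared major number never substitutes for support.
    """
    candidates = [v for v in server_supported if v <= client_offer]
    return max(candidates) if candidates else None


if __name__ == "__main__":
    # Constructed sample versions in the 0.<draft revision> style.
    draft10 = TBProtocolVersion(0, 10)
    draft13 = TBProtocolVersion.decode(b"\x00\x0d")
    print("decoded", draft13, "encodes as", draft13.encode().hex())
    print("0.10 interoperates with 0.13?", interoperable(draft10, draft13))
    # Client implementing only 1.0 offers it; server implements 0.13 and 0.10.
    print("server picks", select_version(TBProtocolVersion(1, 0), [draft13, draft10]))
    # Client offers 0.10; server implements only 0.13 and 1.0: no agreement.
    print("server picks", select_version(draft10, [draft13, TBProtocolVersion(1, 0)]))
```

The point a practitioner should take from `select_version` is that the server never derives compatibility from the major octet: it returns a version only if that version is in its own implemented set, and the client, in turn, must check the returned value with `interoperable` against what it implements rather than assuming a lower minor number is "close enough".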
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Sent: Thursday, May 10, 2018 5:56 PM
To: Andrei Popov <Andrei.Popov@microsoft.com>
Cc: Alexey Melnikov <aamelnikov@fastmail.fm>; The IESG <iesg@ietf.org>; ve7jtb@ve7jtb.com; draft-ietf-tokbind-negotiation@ietf.org; unbearable@ietf.org; tokbind-chairs@ietf.org
Subject: Re: Alexey Melnikov's No Objection on draft-ietf-tokbind-negotiation-13: (with COMMENT)

Hi, Andrei,

On Thu, May 10, 2018 at 1:31 PM, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
In the next revision, I will add text to explicitly say that "major" and "minor" are for human convenience only and carry no protocol significance.

So this is only used to tell humans how big a change is, in relative terms?

That works for me (and I had chimed in about major/minor versions during IESG evaluation, so thank you).

Spencer

Thanks,

Andrei

-----Original Message-----
From: Alexey Melnikov <aamelnikov@fastmail.fm>
Sent: Thursday, May 10, 2018 7:30 AM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-tokbind-negotiation@ietf.org; John Bradley <ve7jtb@ve7jtb.com>; tokbind-chairs@ietf.org; ve7jtb@ve7jtb.com; unbearable@ietf.org
Subject: Alexey Melnikov's No Objection on draft-ietf-tokbind-negotiation-13: (with COMMENT)

Alexey Melnikov has entered the following ballot position for
draft-ietf-tokbind-negotiation-13: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tokbind-negotiation/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

   struct {
       uint8 major;
       uint8 minor;
   } TB_ProtocolVersion;

I think naming them "major" and "minor" is misleading, because it doesn't actually mean anything.

Lack of description of how versioning is to be used makes me sad, but I understand that this was discussed in the WG.