Re: [Unbearable] HTTPSTB updates and respin WGLC

Andrei Popov <Andrei.Popov@microsoft.com> Tue, 07 February 2017 00:15 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Cc: IETF TokBind WG <unbearable@ietf.org>, Dirk Balfanz <balfanz@google.com>, =JeffH Hodges <Jeff.Hodges@KingsMountain.com>
Date: Tue, 07 Feb 2017 00:15:24 +0000
Subject: Re: [Unbearable] HTTPSTB updates and respin WGLC
Message-ID: <CY1PR0301MB0842F6C38E5FCB9578EABEDC8C430@CY1PR0301MB0842.namprd03.prod.outlook.com>
In-Reply-To: <B93CDAC1-BACA-4103-AB53-AE7AD0D6C7A0@ve7jtb.com>
References: <4ab4ab60-3798-d227-8f91-d310b5b3e9c7@KingsMountain.com> <CY1PR0301MB0842D89387876FDA7713DF578C400@CY1PR0301MB0842.namprd03.prod.outlook.com> <6801C875-65FA-4C4F-B45B-59AD7D734845@ve7jtb.com> <CY1PR0301MB08424BA2CDD90B2B8B7934948C430@CY1PR0301MB0842.namprd03.prod.outlook.com> <B93CDAC1-BACA-4103-AB53-AE7AD0D6C7A0@ve7jtb.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/VazT-p2JxodDPItKeOPX5fCBKw4>
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>

I'll do anything a mere co-editor can do to help move this along :)

-----Original Message-----
From: John Bradley [mailto:ve7jtb@ve7jtb.com] 
Sent: Monday, February 6, 2017 4:08 PM
To: Andrei Popov <Andrei.Popov@microsoft.com>
Cc: =JeffH Hodges <Jeff.Hodges@KingsMountain.com>; Dirk Balfanz <balfanz@google.com>; IETF TokBind WG <unbearable@ietf.org>
Subject: Re: [Unbearable] HTTPSTB updates and respin WGLC

Thanks for the update.

Let's get this done before you ship Creators update :).

John B.

> On Feb 6, 2017, at 9:01 PM, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
> 
> Hi John,
> 
> I believe Jeff is working on another PR, then once that's merged we should be able to publish the 3 updated I-Ds.
> 
> Cheers,
> 
> Andrei
> 
> -----Original Message-----
> From: John Bradley [mailto:ve7jtb@ve7jtb.com] 
> Sent: Monday, February 6, 2017 3:52 PM
> To: Andrei Popov <Andrei.Popov@microsoft.com>
> Cc: =JeffH Hodges <Jeff.Hodges@KingsMountain.com>; Dirk Balfanz <balfanz@google.com>; IETF TokBind WG <unbearable@ietf.org>
> Subject: Re: [Unbearable] HTTPSTB updates and respin WGLC
> 
> When do you think you guys can push "final" versions for the WG?
> 
> I am hoping we can have these specs wrapped up by Chicago.
> 
> John B.
>> On Feb 6, 2017, at 3:30 PM, Andrei Popov <Andrei.Popov@microsoft.com> wrote:
>> 
>>> Though, in the plural case, would using "keys" rather than "key pairs" work for you?
>> 
>> This is just aesthetic preference; I can live with either phrasing...
>> 
>> -----Original Message-----
>> From: Unbearable [mailto:unbearable-bounces@ietf.org] On Behalf Of =JeffH
>> Sent: Monday, February 6, 2017 10:17 AM
>> To: Andrei Popov <Andrei.Popov@microsoft.com>; Dirk Balfanz <balfanz@google.com>
>> Cc: IETF TokBind WG <unbearable@ietf.org>
>> Subject: Re: [Unbearable] HTTPSTB updates and respin WGLC
>> 
>> cf: <https://www.ietf.org/mail-archive/web/unbearable/current/msg01147.html>
>> [ i suspect Dirk had not seen Andrei's email prior to merging PR #92 ]
>> 
>> Andrei wrote on Fri, 3 Feb 2017 01:51:23 +0000:
>>> 
>>> A few editorial suggestions below.
>>> 
>>>> I think this needs to be rephrased:
>>>> The Token Binding ID of a TLS connection is constructed using the public key OF a private-public key pair, OF which the client proves possession OF the private key to the server.
>>> Perhaps better to just split this into two sentences:
>>> 
>>> The Token Binding ID of a TLS connection is constructed using the public key of a private-public key pair.
>>> The client proves possession of the corresponding private key.
>> 
>> thx, queued.
>> 
>> 
>>>> (clients use different Token Binding key pairs for different...
>>>> The scoping for those Token Binding key pairs generated by Web browsers in...
>>>> browsers MAY use different key pair scoping rules.
>>>> For privacy reasons, clients use different Token Binding key pairs
>>>> of the Token Binding key pair. It is possible that the Token
>>>> <section title="Scoping of Token Binding Key Pairs"...
>>>> [...]
>>> 
>>> While not wrong, all these key pairs seem unnecessary. The Token Binding key is asymmetric, so clearly it has a private and public component.
>> 
>> It seems inaccurate and potentially confusing to speak of a singular "token binding key" when we have explicitly termed it a "private-public key pair", and it is indeed two separate (although related) artifacts.
>> 
>> Though, in the plural case, would using "keys" rather than "key pairs" work for you?
>> 
>>>> contains both: a proof of possession of the provided Token Binding ID, as well as a proof of possession of the referred Token Binding ID
>>> It's a proof of possession of a Token Binding key, I think.
>> 
>> ok, queued, thx again.
>> 
>> =JeffH
>> 
>> _______________________________________________
>> Unbearable mailing list
>> Unbearable@ietf.org
>> https://www.ietf.org/mailman/listinfo/unbearable
>
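The draft text quoted in this thread states two things: the Token Binding ID of a TLS connection is constructed from the public key of the client's private-public key pair, and the client proves possession of the corresponding private key to the server. The Go program below is an added illustration of that relationship, written for this page; it is not code from the Token Binding drafts or from any participant in the thread. Its ID layout (a constructed one-byte key-parameters value followed by the uncompressed P-256 public key) and its signing input are simplifications assumed for the example, not the drafts' wire format, and the exported keying material (EKM) of the two TLS connections is replaced by constructed byte strings. The replay check at the end shows why the proof is bound to the connection: a proof produced for one connection does not verify on another, which is the export-and-replay problem the list description names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// keyParamsP256 identifies the key type inside the Token Binding ID.
// Constructed value for this example; not the drafts' registry value.
const keyParamsP256 byte = 0x02

// TokenBindingID carries only the public half of the client's key pair.
// The private key never leaves the client.
type TokenBindingID struct {
	KeyParams byte
	PublicKey []byte // uncompressed point encoding of the P-256 public key
}

// NewTokenBindingID derives the ID from the public key alone.
func NewTokenBindingID(pub *ecdsa.PublicKey) TokenBindingID {
	return TokenBindingID{
		KeyParams: keyParamsP256,
		PublicKey: elliptic.Marshal(pub.Curve, pub.X, pub.Y),
	}
}

// Bytes is the serialized ID as it would travel to the server.
func (id TokenBindingID) Bytes() []byte {
	return append([]byte{id.KeyParams}, id.PublicKey...)
}

// signingInput ties the proof to one TLS connection by hashing the key
// parameters together with that connection's EKM (simplified layout, assumed).
func signingInput(keyParams byte, ekm []byte) []byte {
	sum := sha256.Sum256(append([]byte{keyParams}, ekm...))
	return sum[:]
}

// ProvePossession is the client side: sign the connection-bound input with
// the private key. Only the holder of the private key can produce this value.
func ProvePossession(priv *ecdsa.PrivateKey, ekm []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, signingInput(keyParamsP256, ekm))
}

// VerifyPossession is the server side: recover the public key from the ID,
// recompute the signing input from the server's own view of the EKM, and
// check the signature. The server never needs the private key.
func VerifyPossession(id TokenBindingID, sig, ekm []byte) bool {
	if id.KeyParams != keyParamsP256 {
		return false
	}
	x, y := elliptic.Unmarshal(elliptic.P256(), id.PublicKey)
	if x == nil {
		return false // malformed or off-curve point
	}
	pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}
	return ecdsa.VerifyASN1(pub, signingInput(id.KeyParams, ekm), sig)
}

// Demo runs the exchange once and reports whether the proof verifies on the
// connection it was made for, and whether it verifies if replayed on another.
func Demo() (validOnOwnConn bool, validWhenReplayed bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	id := NewTokenBindingID(&priv.PublicKey)

	// Constructed stand-ins for the EKM of two distinct TLS connections.
	ekmA := sha256.Sum256([]byte("constructed EKM for connection A"))
	ekmB := sha256.Sum256([]byte("constructed EKM for connection B"))

	sig, err := ProvePossession(priv, ekmA[:])
	if err != nil {
		return false, false, err
	}
	return VerifyPossession(id, sig, ekmA[:]), VerifyPossession(id, sig, ekmB[:]), nil
}

func main() {
	ok, replayed, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("proof valid on its own connection: %v\n", ok)
	fmt.Printf("same proof accepted on a different connection: %v\n", replayed)
}
```

The server only ever sees the ID (public key) and the signature; a token bound to that ID is useless to anyone who obtains the token but not the private key, because they cannot produce a fresh proof for their own connection's EKM.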