Re: [Unbearable] Ben Campbell's Yes on draft-ietf-tokbind-protocol-17: (with COMMENT)

Andrei Popov <Andrei.Popov@microsoft.com> Wed, 09 May 2018 22:16 UTC

Return-Path: <Andrei.Popov@microsoft.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C006212778E; Wed, 9 May 2018 15:16:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level:
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ORRZHmFwZDfd; Wed, 9 May 2018 15:16:34 -0700 (PDT)
Received: from NAM01-BN3-obe.outbound.protection.outlook.com (mail-bn3nam01on0130.outbound.protection.outlook.com [104.47.33.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1D6BC129C6C; Wed, 9 May 2018 15:16:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=kWrNFGcBZQQESOzCH9AxsPeCfEGzbbPmCp4+x7czzo0=; b=LC9X/4bSLDmr+bvNgUDmgTjL7VJZ3yvam75dBmMmdhlIH9agDkYsTXxD4OSH1lU7ugmEtj5bw7zqyDFWeCAILXlcU2RpHumwrPF3VC6v7w1ODVJM14Y8TjtzUicQELOUyoWtIRusMT/RbLbO2GCNDe8QsKh2wwNqXna2DXBe4NA=
Received: from DM5PR21MB0507.namprd21.prod.outlook.com (10.172.91.141) by DM5PR21MB0698.namprd21.prod.outlook.com (10.175.112.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.776.3; Wed, 9 May 2018 22:16:31 +0000
Received: from DM5PR21MB0507.namprd21.prod.outlook.com ([fe80::49e8:420f:baa2:a62f]) by DM5PR21MB0507.namprd21.prod.outlook.com ([fe80::49e8:420f:baa2:a62f%6]) with mapi id 15.20.0776.004; Wed, 9 May 2018 22:16:31 +0000
From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Ben Campbell <ben@nostrum.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-tokbind-protocol@ietf.org" <draft-ietf-tokbind-protocol@ietf.org>, John Bradley <ve7jtb@ve7jtb.com>, "tokbind-chairs@ietf.org" <tokbind-chairs@ietf.org>, "ve7jtb@ve7jtb.com" <ve7jtb@ve7jtb.com>, "unbearable@ietf.org" <unbearable@ietf.org>
Thread-Topic: Ben Campbell's Yes on draft-ietf-tokbind-protocol-17: (with COMMENT)
Thread-Index: AQHT58+mtsrc8RjlJ02eHMcPEl51faQn7/jQ
Date: Wed, 09 May 2018 22:16:31 +0000
Message-ID: <DM5PR21MB0507E7960EBFD0D7EBD351048C990@DM5PR21MB0507.namprd21.prod.outlook.com>
References: <152589571183.4023.6683971544993897004.idtracker@ietfa.amsl.com>
In-Reply-To: <152589571183.4023.6683971544993897004.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [2001:4898:80e8:c::4ca]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR21MB0698; 7:JPKXjG6cEcGQbu403SVHMFWtxB++F145e6PG2KXZGCIO8mhdKBT21VQDL7oKahNitfvyKs8oHNsv5kJPFY820xVxmqvLvIafpM4Ga1LGSMH1Bk+q3d0ca8AINvq5izSWqhOqYe4q04iR1P/a7mXhZGJNG18l8+FxNiYYlLdn4lddm942B7ZokqxGRehekehZLl3Zb/7+bAI8g2xEhpEu76W+XhGuoCVbSgDHAfenjQTwBnT0YJduLTPxvSQYzoc5; 20:cD995RCa+k1QUdch4tq7AwYqvdvRz6+yrzG4ANScS8HU1wFSCLc8MB8jLZ9CCZO3jnOdCPVrvElxFxmONYqUJ1xxuWqBuQlCq0OZAAylXN2s/ZRcRXFNugtU3XMqvRBK4l+EJwWhYVr+pt30Wi6sdjR4dp6/3PuHKOOLNhfMne8=
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(48565401081)(2017052603328)(7193020); SRVR:DM5PR21MB0698;
x-ms-traffictypediagnostic: DM5PR21MB0698:
x-microsoft-antispam-prvs: <DM5PR21MB0698F85BCF070D943C495C958C990@DM5PR21MB0698.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(278428928389397)(189930954265078)(219752817060721);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(10201501046)(3231254)(2018427008)(944501410)(52105095)(3002001)(93006095)(93001095)(6055026)(149027)(150027)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123558120)(20161123560045)(20161123562045)(6072148)(201708071742011); SRVR:DM5PR21MB0698; BCL:0; PCL:0; RULEID:; SRVR:DM5PR21MB0698;
x-forefront-prvs: 0667289FF8
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(979002)(346002)(396003)(39380400002)(366004)(376002)(39860400002)(199004)(13464003)(189003)(7736002)(10090500001)(86612001)(106356001)(6306002)(305945005)(5660300001)(76176011)(6346003)(53546011)(59450400001)(55016002)(105586002)(7696005)(6246003)(186003)(102836004)(4326008)(68736007)(6506007)(229853002)(53936002)(99286004)(9686003)(14454004)(2906002)(3280700002)(11346002)(25786009)(446003)(33656002)(6116002)(476003)(2900100001)(74316002)(486006)(97736004)(316002)(575784001)(86362001)(8936002)(72206003)(22452003)(10290500003)(8990500004)(478600001)(54906003)(110136005)(3660700001)(966005)(46003)(6436002)(81156014)(81166006)(8676002)(5250100002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR21MB0698; H:DM5PR21MB0507.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Andrei.Popov@microsoft.com;
x-microsoft-antispam-message-info: zeSnwYj+0ZdoPlWxCEjz1DdrDhdebF5K//hldAn1wbK5rydyJ1IUMiPqwSnUb9ln+ZjmLBlrs+t1rWhSyG8ZzYNqvnaeeBJ1mmIeAl/B6vQ3c5FiVT6M027IqlsOsCWvuiZzHCg4U8xV9FVeHYGQ+CCwKa2dC4gpwuCLRqsHbatVJy9HzZDo6WXOcfZalLGG
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Office365-Filtering-Correlation-Id: a1fb5b1e-a640-4b81-533c-08d5b5fa84ef
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a1fb5b1e-a640-4b81-533c-08d5b5fa84ef
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 May 2018 22:16:31.8300 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR21MB0698
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/maEJSb9cpUOiOvPhcnhmSJslZHc>
Subject: Re: [Unbearable] Ben Campbell's Yes on draft-ietf-tokbind-protocol-17: (with COMMENT)
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2018 22:16:37 -0000

> §1.1: Please consider using the boilerplate from 8174 across this cluster.
Will do.

> §3.1: This section does not seem to sufficiently define the difference between provided_token_binding and referred_token_binding, other than as a mention of the use case from the HTTPS doc. It would be nice if other application protocol bindings did not have to refer to the HTTPS doc to fully understand the basic protocol.
Section 3.1 introduces the TB types, but Sections 4.1 and 4.2 have specific processing requirements, from the perspective of the basic protocol. The use of referred Token Binding requires interaction with an application protocol, and HTTPS is one such protocol, therefore the reference seems appropriate.

> §3.2, last paragraph: Why is this a SHOULD?
From the perspective of being able to change the internal representation of the Token Binding IDs in the future, it would be best if applications did not rely on a particular TB ID structure.
One way to achieve this is to treat TB IDs as opaque byte sequences. There are other ways, and different representations make sense for different APIs, therefore it's not a MUST.

> §3.3, last bullet: Is the EKM from the TLS connection at the time the binding is established (rather than when it might later be used)?
It's the EKM from the current TLS connection where Token Binding is being established.

> §4.1, 2nd paragraph: Why only a SHOULD? It seems like intentionally storing keys in an insecure manner makes the entire protocol pointless.
I do not mind saying MUST, but the degree to which TB keys can be protected depends on the client device capabilities.

> §6.1 (and others): I'm not sure what it means for the expert to be "advised to encourage". Is there something more concrete that could be said? Does this give the advisor grounds to reject a registration?
We could say "...expert will require the inclusion of a reference to a permanent and readily available specification..."

> §1: Please expand TPM on first mention.
Will do.

Thanks,

Andrei

-----Original Message-----
From: Ben Campbell <ben@nostrum.com> 
Sent: Wednesday, May 9, 2018 12:55 PM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-tokbind-protocol@ietf.org; John Bradley <ve7jtb@ve7jtb.com>; tokbind-chairs@ietf.org; ve7jtb@ve7jtb.com; unbearable@ietf.org
Subject: Ben Campbell's Yes on draft-ietf-tokbind-protocol-17: (with COMMENT)

Ben Campbell has entered the following ballot position for
draft-ietf-tokbind-protocol-17: Yes

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fiesg%2Fstatement%2Fdiscuss-criteria.html&data=02%7C01%7CAndrei.Popov%40microsoft.com%7Cbef59ff1c14f45d3294108d5b5e6c79a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636614925167967005&sdata=dlNij3YGOsg2g%2Br2hg4kCy2jyGYjZglxTJMhHfABd%2Fo%3D&reserved=0
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-tokbind-protocol%2F&data=02%7C01%7CAndrei.Popov%40microsoft.com%7Cbef59ff1c14f45d3294108d5b5e6c79a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636614925167967005&sdata=gmXDfLO1%2B9%2F%2BE6BIdqNUn1OsaSGVBPCSrOXu0bpVQnw%3D&reserved=0



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for this document. I am balloting "yes", but I have a few minor comments:

Minor Comments:

§1.1: Please consider using the boilerplate from 8174 across this cluster.
There are a few instances of lower case keywords across the set.

§3.1: This section does not seem to sufficiently define the difference between provided_token_binding and referred_token_binding, other than as a mention of the use case from the HTTPS doc. It would be nice if other application protocol bindings did not have to refer to the HTTPS doc to fully understand the basic protocol. (Or is it assumed that only HTTPS will use referred_token_binding)?

§3.2, last paragraph: Why is this a SHOULD? Do you envision scenarios where it would make sense to behave differently? For example, if an application made Token Binding IDs available as structured data, what would be the consequences?

§3.3, last bullet: Is the EKM from the TLS connection at the time the binding is established (rather than when it might later be used)?

§4.1, 2nd paragraph: Why only a SHOULD? It seems like intentionally storing keys in an insecure manner makes the entire protocol pointless.

§6.1 (and others): I'm not sure what it means for the expert to be "advised to encourage". Is there something more concrete that could be said? Does this give the advisor grounds to reject a registration?

Editorial Comments:

§1: Please expand TPM on first mention.