Re: [Unbearable] AD Review: draft-ietf-tokbind-negotiation-09.txt

Andrei Popov <Andrei.Popov@microsoft.com> Mon, 13 November 2017 14:37 UTC

From: Andrei Popov <Andrei.Popov@microsoft.com>
To: Eric Rescorla <ekr@rtfm.com>, IETF Tokbind WG <unbearable@ietf.org>, "draft-ietf-tokbind-negotiation@tools.ietf.org" <draft-ietf-tokbind-negotiation@tools.ietf.org>
Thread-Topic: [Unbearable] AD Review: draft-ietf-tokbind-negotiation-09.txt
Thread-Index: AQHTP6bi1HjZQfs9hEKzAk/o21JpK6MSew+AgAAezVA=
Date: Mon, 13 Nov 2017 14:37:24 +0000
Message-ID: <CY4PR21MB012057579C1F371C80B66C628C2B0@CY4PR21MB0120.namprd21.prod.outlook.com>
References: <CABcZeBM6BYN3VoAmQafAm+gXn97e2RjgZKwJVuf6giK+Q_Q6og@mail.gmail.com> <CABcZeBNKRu81wGv4UKQL5JHzd3kCTEBF61pnety3aQgRCCGLSw@mail.gmail.com>
In-Reply-To: <CABcZeBNKRu81wGv4UKQL5JHzd3kCTEBF61pnety3aQgRCCGLSw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/cKP2rWO3NDLuoImZKBTGq-s3NJk>

Sounds good; I’ll make the suggested changes in TBPROTO and TBNEGO along with any other updates that may result from LC.

Cheers,

Andrei

From: Unbearable [mailto:unbearable-bounces@ietf.org] On Behalf Of Eric Rescorla
Sent: Monday, November 13, 2017 8:45 PM
To: IETF Tokbind WG <unbearable@ietf.org>; draft-ietf-tokbind-negotiation@tools.ietf.org
Subject: Re: [Unbearable] AD Review: draft-ietf-tokbind-negotiation-09.txt

The new version is looking good. I have two minor comments:

- I still think it would be good to sharpen the discussion of version negotiation a bit.
Perhaps: "Note that there is no way to advertise a minimum version, so a client
advertising version N must be prepared to have the server select any older
version; if it has a minimum acceptable version, it MUST check the response
against that and generate an error if the version is too low"

Second:
"Please note that the Token Binding protocol version and key
 parameters are negotiated for each TLS connection, which means that"

You should remove "Please note" because this isn't an aside, it's a new requirement.

I have pushed the IETF LC button, so feel free to address these later.

-Ekr

On Sun, Oct 8, 2017 at 3:59 AM, Eric Rescorla <ekr@rtfm.com> wrote:

A rich version of this review can be found at:

https://mozphab-ietf.devsvcdev.mozaws.net/D48

1. If you make an account and login, you can respond to the comments
and we can try to resolve them before you produce a new draft.
2. When you're ready to produce a new draft, you can either upload
it to the draft repo or send me the pre-draft and either way I'll
take care of getting it uploaded here, so we can see diffs, etc.


INLINE COMMENTS
View Inline <https://mozphab-ietf.devsvcdev.mozaws.net/D47#inline-326> draft-ietf-tokbind-negotiation.txt:102
uint8 minor;
} ProtocolVersion;

you should note that this is taken from RFC 5246 or rename it.

View Inline <https://mozphab-ietf.devsvcdev.mozaws.net/D47#inline-327> draft-ietf-tokbind-negotiation.txt:110
ProtocolVersion token_binding_version;
TokenBindingKeyParameters key_parameters_list<1..2^8-1>
} TokenBindingParameters;

This is kind of hard to read because you are just defining the size of the enum here and then you have the definitions in the other draft. I think you should instead copy the definition from the other draft and then have a pointer, because as is it looks like no values are defined.

View Inline <https://mozphab-ietf.devsvcdev.mozaws.net/D47#inline-328> draft-ietf-tokbind-negotiation.txt:117
client. [I-D.ietf-tokbind-protocol] describes version {1, 0} of the
protocol.

I see you are using the TLS 1.2 negotiation structures. You should probably add some text to make clear that this implies you are supporting all lower values.

View Inline <https://mozphab-ietf.devsvcdev.mozaws.net/D47#inline-329> draft-ietf-tokbind-negotiation.txt:158
protocol version offered by the client in the "token_binding"
extension and the highest version supported by the server.

Given our experience with TLS negotiation, you probably need to state very clearly that you need to do min(client, server) version even if the client version is higher than you know about.

View Inline <https://mozphab-ietf.devsvcdev.mozaws.net/D47#inline-330> draft-ietf-tokbind-negotiation.txt:193
extensions are not negotiated (see security considerations
section below for more details).

I would tend to think that some of these would be illegal_parameter.

View Inline <https://mozphab-ietf.devsvcdev.mozaws.net/D47#inline-331> draft-ietf-tokbind-negotiation.txt:210
Please note that the Token Binding protocol version and key
parameters are negotiated for each TLS connection, which means that

I would remove "please note" here, because you aren't reminding people, this is a separate requirement.

REPOSITORY
rIETFREVIEW ietf-review

REVISION DETAIL
https://mozphab-ietf.devsvcdev.mozaws.net/D47

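The two negotiation rules the review asks the draft to state explicitly (server picks min(client, server) even when the client offers a version newer than the server knows about; the client enforces its own minimum because the extension cannot advertise one) are easy to get wrong in the same way TLS version negotiation was. The following is an added example, not code from the draft or from either participant: it encodes and decodes the TokenBindingParameters body from the review's excerpt (a two-byte ProtocolVersion followed by key_parameters_list<1..2^8-1>) and runs one ClientHello/ServerHello exchange through both checks. The key parameter identifiers (0, 1, 2) and version {1, 0} are those of the Token Binding protocol draft; the function names, the NegotiationError type and the "first client preference the server supports" selection rule are this example's own assumptions.

```python
# Added example, not from the draft or the mailing-list thread. Names below
# (encode_/decode_token_binding_params, server_select, client_check, negotiate,
# NegotiationError) are this example's own; only the wire layout and the
# identifier values come from the Token Binding drafts.
import struct

# Key parameter identifiers from the Token Binding protocol draft (TBPROTO).
RSA2048_PKCS15 = 0
RSA2048_PSS = 1
ECDSAP256 = 2

TOKEN_BINDING_VERSION = (1, 0)  # the {1, 0} version described in TBPROTO


class NegotiationError(Exception):
    """Where a TLS peer would abort the handshake with a fatal alert."""


def encode_token_binding_params(version, key_params):
    """TokenBindingParameters: ProtocolVersion {major, minor} + key_parameters_list<1..2^8-1>."""
    if not 1 <= len(key_params) <= 255:
        raise ValueError("key_parameters_list must hold 1..255 entries")
    major, minor = version
    return struct.pack("!BBB", major, minor, len(key_params)) + bytes(key_params)


def decode_token_binding_params(data):
    """Parse TokenBindingParameters; reject a malformed body rather than guess."""
    if len(data) < 4:
        raise NegotiationError("extension body too short")
    major, minor, n = struct.unpack("!BBB", data[:3])
    body = data[3:]
    if n == 0 or len(body) != n:
        raise NegotiationError("bad key_parameters_list length")
    return (major, minor), list(body)


def server_select(client_ext, server_max, server_min, server_key_params):
    """ServerHello side. Returns the extension body to send back, or None to not negotiate.

    The chosen version is min(client offered, server_max): a client that offers a
    version the server has never heard of still gets the server's own version back.
    """
    client_version, client_params = decode_token_binding_params(client_ext)
    chosen_version = min(client_version, server_max)  # tuple order: major, then minor
    if chosen_version < server_min:
        return None  # older than anything the server accepts: extension not negotiated
    # The client's list is in descending preference order; take the first we support.
    for kp in client_params:
        if kp in server_key_params:
            return encode_token_binding_params(chosen_version, [kp])
    return None


def client_check(server_ext, offered_version, client_min, offered_params):
    """Client side, on the ServerHello extension. The wire format carries no minimum
    version, so the client has to enforce its own here."""
    version, params = decode_token_binding_params(server_ext)
    if version > offered_version:
        raise NegotiationError("server selected a version the client did not offer")
    if version < client_min:
        raise NegotiationError("server selected a version below the client minimum")
    if len(params) != 1 or params[0] not in offered_params:
        raise NegotiationError("server must echo exactly one key parameter from the client list")
    return version, params[0]


def negotiate(client_max, client_min, client_params, server_max, server_min, server_params):
    """One ClientHello/ServerHello exchange; (version, key_param) or None if not negotiated."""
    client_ext = encode_token_binding_params(client_max, client_params)
    server_ext = server_select(client_ext, server_max, server_min, server_params)
    if server_ext is None:
        return None
    return client_check(server_ext, client_max, client_min, client_params)


if __name__ == "__main__":
    # A client that only accepts {2, 0} talking to a {1, 0}-only server: the server
    # happily answers {1, 0}, and only the client's own check catches the downgrade.
    try:
        negotiate((2, 0), (2, 0), [ECDSAP256], (1, 0), (1, 0), [ECDSAP256])
    except NegotiationError as e:
        print("client rejected:", e)
```

Each negotiated result is per TLS connection, which is the point of the draft sentence the review asks to be promoted from an aside to a requirement: the values returned here are not something to cache across connections.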