[Unbearable] New versions of TBNEGO and TBPROTO

Andrei Popov <Andrei.Popov@microsoft.com> Thu, 24 May 2018 01:06 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/4HP5UnWysItCeP1k0h5cwcOYVoU>

Editorial updates TBNEGO-14<https://tools.ietf.org/html/draft-ietf-tokbind-negotiation-14> and TBPROTO-19<https://tools.ietf.org/html/draft-ietf-tokbind-protocol-19> have been uploaded.

TBNEGO-14 explicitly states that "major" and "minor" version fields are for human convenience only, and carry no protocol significance.

Among other insightful comments, Benjamin Kaduk suggested that "expert review" policy + requirement of permanent and readily available specification = "Specification Required" policy. This made sense to me, so I updated IANA considerations accordingly in TBPROTO-19.

Please review the updated documents,

Thanks,

Andrei