Re: [Unbearable] Warren Kumari's No Objection on draft-ietf-tokbind-negotiation-12: (with COMMENT)
Nick Harper <nharper@google.com> Wed, 09 May 2018 18:01 UTC
From: Nick Harper <nharper@google.com>
Date: Wed, 9 May 2018 11:00:59 -0700
Message-ID: <CACdeXi+S5XeUV4HmB9Wc7RgVv__kQsrLW7ic2K+gKVatdaqNnQ@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
Cc: The IESG <iesg@ietf.org>, John Bradley <ve7jtb@ve7jtb.com>,
draft-ietf-tokbind-negotiation@ietf.org,
IETF Tokbind WG <unbearable@ietf.org>, tokbind-chairs@ietf.org,
liushucheng@huawei.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/fYbiR1iY5QjM9ccBFmCOGgzE_1Q>

It's pretty easy to make it work with TLS 1.3: https://datatracker.ietf.org/doc/draft-ietf-tokbind-tls13/ is a short draft that explains how. The reason for the split was because of document timing, specifically not wanting to hold up the Token Binding drafts on publication of TLS 1.3.

On Wed, May 9, 2018 at 8:04 AM, Warren Kumari <warren@kumari.net> wrote:

> Warren Kumari has entered the following ballot position for
> draft-ietf-tokbind-negotiation-12: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-tokbind-negotiation/
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Please also see Will LIU's OpsDir review here:
> https://datatracker.ietf.org/doc/review-ietf-tokbind-negotiation-10-opsdir-lc-liu-2017-12-04/
> It suggests a simple change which will remove confusion/ambiguity.
>
> The document says (in the Introduction):
> "The negotiation of the Token Binding protocol and key parameters in
> combination with TLS 1.3 and later versions is beyond the scope of this
> document."
>
> How hard would it be to make it work with TLS 1.3? Actually, what part of it
> doesn't already? (I'm guessing I'm missing something super-obvious)...