Re: [Unbearable] Warren Kumari's No Objection on draft-ietf-tokbind-negotiation-12: (with COMMENT)

Nick Harper <nharper@google.com> Wed, 09 May 2018 18:01 UTC

In-Reply-To: <152587829673.3921.15943204349783206766.idtracker@ietfa.amsl.com>
References: <152587829673.3921.15943204349783206766.idtracker@ietfa.amsl.com>
From: Nick Harper <nharper@google.com>
Date: Wed, 9 May 2018 11:00:59 -0700
Message-ID: <CACdeXi+S5XeUV4HmB9Wc7RgVv__kQsrLW7ic2K+gKVatdaqNnQ@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
Cc: The IESG <iesg@ietf.org>, John Bradley <ve7jtb@ve7jtb.com>, draft-ietf-tokbind-negotiation@ietf.org, IETF Tokbind WG <unbearable@ietf.org>, tokbind-chairs@ietf.org, liushucheng@huawei.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/fYbiR1iY5QjM9ccBFmCOGgzE_1Q>
Subject: Re: [Unbearable] Warren Kumari's No Objection on draft-ietf-tokbind-negotiation-12: (with COMMENT)

It's pretty easy to make it work with TLS 1.3:
https://datatracker.ietf.org/doc/draft-ietf-tokbind-tls13/ is a short draft
that explains how. The reason for the split was because of document timing,
specifically not wanting to hold up the Token Binding drafts on publication
of TLS 1.3.

On Wed, May 9, 2018 at 8:04 AM, Warren Kumari <warren@kumari.net> wrote:

> Warren Kumari has entered the following ballot position for
> draft-ietf-tokbind-negotiation-12: No Objection
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-tokbind-negotiation/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Please also see Will LIU's OpsDir review here:
> https://datatracker.ietf.org/doc/review-ietf-tokbind-negotiation-10-opsdir-lc-liu-2017-12-04/
> It suggests a simple change which will remove confusion/ambiguity.
>
> The document says (in the Introduction):
> "The negotiation of the Token Binding protocol and key parameters in
> combination with TLS 1.3 and later versions is beyond the scope of this
> document."
>
> How hard would it be to make it work with TLS 1.3? Actually, what part of it
> doesn't already? (I'm guessing I'm missing something super-obvious)...