[Unbearable] AD Review: draft-ietf-tokbind-negotiation-09.txt

Eric Rescorla <ekr@rtfm.com> Sat, 07 October 2017 20:00 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8407F132193 for <unbearable@ietfa.amsl.com>; Sat, 7 Oct 2017 13:00:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ig_yrS-DZrzc for <unbearable@ietfa.amsl.com>; Sat, 7 Oct 2017 12:59:59 -0700 (PDT)
Received: from mail-qt0-x22f.google.com (mail-qt0-x22f.google.com [IPv6:2607:f8b0:400d:c0d::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48E6413445D for <unbearable@ietf.org>; Sat, 7 Oct 2017 12:59:59 -0700 (PDT)
Received: by mail-qt0-x22f.google.com with SMTP id z50so32005501qtj.4 for <unbearable@ietf.org>; Sat, 07 Oct 2017 12:59:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=0nHu+kAAa+t1aSWb1V09VURELYUSQIN8b3hdZTKW9UM=; b=erJ89XXh57ftf87rc6ZEvVj83Ekc6+7ByqzzJDnfAngDe4VqXs6UflA5xjMK+Jy1yg UjkmUw/zp0/aUXUMu9p4kXlyp8klFGSR8Js3YqCbDVFCGv8Ks1cqRppJxKyMcQSDzbQO qmlU1jKB/7v5HyDc+FSpZBsHChreqiviXGh2hvu5o1prC3yDA0TfVi45Ws5gKG068XRx crwpqcbD4rWXRce/7KOHBCEKIbpzjjZMEwm6bl8UBmwORjSDsu4q/vV8D2vJg+/KDobx ZBWilTotL5WIsLe2Go94XvFS6jArDj1a+7HPK6HuoXguNmalGx8VPkuf8pB+M4B+QDmZ q90Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=0nHu+kAAa+t1aSWb1V09VURELYUSQIN8b3hdZTKW9UM=; b=rI57RZ2IPZvkyODQbLlf1xBNYIhmz+9BL/VjsBldQCAaCy0pLY511SwweFbokJCiVG 8v7P16bjQoy32ai5M4nEim9k2tiwgpqMPjU8BKl5H5elu+tZqtz3AIWMhJelqF+A4Mm8 yfxQAEz7AA17FeYu+/U6txGvKubUps2XuidyRN/JzS8fEu0vfobRrlZNJtJAqi0hdxD/ oaFTQLoQYdVDvZgqgo4xFekcITHeDmBRuJx8pzOhrGby930foxnuTUIt2p1rxTXxhYCf am1pKByzROm6gPKL2p4ngK/JSViAJTBYAiWahpwQMK+RFbbcCSB1/6pDjH4c2PJ2RLQD GG0w==
X-Gm-Message-State: AMCzsaXzdDfDc3v677V/S9r0IVm4uuzkipTMG1rMmgdwqpGK4d4E+j2r lmSJpIvhaDeOOStAAi1CdEW47VcXa27xFYS4XJpTTTCS
X-Google-Smtp-Source: AOwi7QBgn+Y4yZpK9K7wJD61W1Mkm7EcvhUH7+5C7xpx7+8zMMLq3ofpL7hjrkP+N0ON5/fDDJ8kGh5YDD+8p5HA3vg=
X-Received: by 10.37.162.145 with SMTP id c17mr132268ybi.348.1507406398117; Sat, 07 Oct 2017 12:59:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.75.194 with HTTP; Sat, 7 Oct 2017 12:59:17 -0700 (PDT)
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 7 Oct 2017 12:59:17 -0700
Message-ID: <CABcZeBM6BYN3VoAmQafAm+gXn97e2RjgZKwJVuf6giK+Q_Q6og@mail.gmail.com>
To: IETF Tokbind WG <unbearable@ietf.org>, draft-ietf-tokbind-negotiation@tools.ietf.org
Content-Type: multipart/alternative; boundary="089e0828c2ace47616055afa66af"
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/hckLZOvZ2rdJGhNJ9hjXwMqnvEY>
Subject: [Unbearable] AD Review: draft-ietf-tokbind-negotiation-09.txt
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Oct 2017 20:00:01 -0000

A rich version of this review can be found at:

https://mozphab-ietf.devsvcdev.mozaws.net/D48

   1. If you make an account and login, you can respond to the comments

and we can try to resolve them before you produce a new draft.

   1. When you're ready to produce a new draft, you can either upload

it to the draft repo or send me the pre-draft and either way I'll
take care of getting it uploaded here, so we can see diffs, etc.


*INLINE COMMENTS*
View Inline <https://mozphab-ietf.devsvcdev.mozaws.net/D47#inline-326>
draft-ietf-tokbind-negotiation.txt:102
uint8 minor;
} ProtocolVersion;

you should note that this is taken from RFC 5246 or rename it.

View Inline <https://mozphab-ietf.devsvcdev.mozaws.net/D47#inline-327>
draft-ietf-tokbind-negotiation.txt:110
ProtocolVersion token_binding_version;
TokenBindingKeyParameters key_parameters_list<1..2^8-1>
} TokenBindingParameters;

This is kind of hard to read because you are just defining the size of the
enum here and then you have the definitions in the other draft. I think you
should instead copy the definition from the other draft and then have a
pointer, because as is it looks like no values are defined.

View Inline <https://mozphab-ietf.devsvcdev.mozaws.net/D47#inline-328>
draft-ietf-tokbind-negotiation.txt:117
client. [I-D.ietf-tokbind-protocol] describes version {1, 0} of the
protocol.

I see you are using the TLS 1.2 negotiation structures. You should probably
add some text to make clear that this implies you are supporting all lower
values.

View Inline <https://mozphab-ietf.devsvcdev.mozaws.net/D47#inline-329>
draft-ietf-tokbind-negotiation.txt:158
protocol version offered by the client in the "token_binding"
extension and the highest version supported by the server.

Given our experience with TLS negotiation, you probably need to state very
clearly that you need to do min(client, server) version even if the client
version is higher than you know about.

View Inline <https://mozphab-ietf.devsvcdev.mozaws.net/D47#inline-330>
draft-ietf-tokbind-negotiation.txt:193
extensions are not negotiated (see security considerations
section below for more details).

I would tend to think that some of these would be illegal_parameter.

View Inline <https://mozphab-ietf.devsvcdev.mozaws.net/D47#inline-331>
draft-ietf-tokbind-negotiation.txt:210
Please note that the Token Binding protocol version and key
parameters are negotiated for each TLS connection, which means that

I would remove "please note" here, because you aren't reminding people,
this is a separate requirement.

*REPOSITORY*
rIETFREVIEW ietf-review

*REVISION DETAIL*
https://mozphab-ietf.devsvcdev.mozaws.net/D47

*EMAIL PREFERENCES*
https://mozphab-ietf.devsvcdev.mozaws.net/settings/panel/emailpreferences/

*To: *ekr-moz, ekr