[Unbearable] draft-ietf-tokbind-negotiation feedback

Nick Harper <nharper@google.com> Wed, 29 March 2017 22:03 UTC

From: Nick Harper <nharper@google.com>
Date: Wed, 29 Mar 2017 15:03:10 -0700
Message-ID: <CACdeXiKy_CEorSMRBLquY6kV39bzvoyhcR-3Ncm1i+Jsht5sXg@mail.gmail.com>
To: IETF Tokbind WG <unbearable@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/iA18qpvoIlFo9umezrC_Bhjk57M>
Subject: [Unbearable] draft-ietf-tokbind-negotiation feedback

As far as I can tell, draft-ietf-tokbind-negotiation (TBNEGO) does not
limit which versions of TLS the extension can be used with. I'm
assuming that draft-ietf-tls-tls13 (TLS 1.3) will get published before
draft-ietf-tokbind-negotiation. Section 4.2.7 (Early Data Indication)
of TLS 1.3 (draft 19) specifies that "Future extensions MUST define
their interaction with 0-RTT."

I see two potential options to reconcile this disagreement:

1) Have TBNEGO specify something like "Token Binding and 0-RTT MUST
NOT both be negotiated on the same connection" and let
draft-ietf-tokbind-tls13-0rtt update TBNEGO later.
2) Specify in TBNEGO a max TLS version of 1.2, and have
draft-ietf-tokbind-tls13-0rtt or another draft specify the behavior of
the extension in TLS 1.3 and higher.

Does this WG think this is something that needs to be addressed? Are
there other options to consider?
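To make the two options concrete, here is an added example (not code from this email, the working group, or the draft) that models a server's handling of the token_binding extension under each option. The extension layout (major/minor version byte plus a key_parameters_list) and the key parameter values rsa2048_pkcs1.5 (0), rsa2048_pss (1) and ecdsap256 (2) follow the TBNEGO and Token Binding protocol drafts; the policy names, the `negotiate` function, its server-preference selection and the decision to simply echo the client's version are assumptions of this example, not behaviour the draft specifies.

```python
"""Added example: a simplified model of token_binding extension negotiation
and the two proposed ways of reconciling it with TLS 1.3 0-RTT.
This is not a TLS implementation; it only models the server's decision."""
import struct
from dataclasses import dataclass
from typing import List, Optional

# Key parameter identifiers from the Token Binding protocol draft.
KEY_PARAM_NAMES = {0: "rsa2048_pkcs1.5", 1: "rsa2048_pss", 2: "ecdsap256"}

# TLS protocol version numbers (0x0303 = TLS 1.2, 0x0304 = TLS 1.3).
TLS12 = 0x0303
TLS13 = 0x0304


@dataclass
class TokenBindingParameters:
    """extension_data of token_binding:
       uint8 major; uint8 minor;
       TokenBindingKeyParameters key_parameters_list<1..2^8-1>;"""
    major: int
    minor: int
    key_parameters: List[int]


def parse_token_binding(data: bytes) -> TokenBindingParameters:
    """Parse extension_data; raise ValueError on malformed input."""
    if len(data) < 3:
        raise ValueError("token_binding extension too short")
    major, minor, list_len = struct.unpack("!BBB", data[:3])
    # The list carries at least one entry, and nothing may trail it.
    if list_len < 1 or len(data) != 3 + list_len:
        raise ValueError("bad key_parameters_list length")
    return TokenBindingParameters(major, minor, list(data[3:]))


def encode_token_binding(params: TokenBindingParameters) -> bytes:
    """Inverse of parse_token_binding, used here to build sample input."""
    if not 1 <= len(params.key_parameters) <= 255:
        raise ValueError("key_parameters_list must hold 1..255 entries")
    header = struct.pack("!BBB", params.major, params.minor, len(params.key_parameters))
    return header + bytes(params.key_parameters)


@dataclass
class ServerDecision:
    token_binding: Optional[TokenBindingParameters]  # None: extension not echoed
    accept_early_data: bool                          # whether 0-RTT is accepted
    note: str


def negotiate(tls_version: int,
              client_tb: Optional[TokenBindingParameters],
              client_offered_early_data: bool,
              server_supported: List[int],
              policy: str) -> ServerDecision:
    """Model server decision.  policy is 'forbid_both' (option 1: never
    negotiate Token Binding and 0-RTT together) or 'max_tls12' (option 2:
    the extension is only defined up to TLS 1.2).  Both names are
    assumptions of this example.  Early data is accepted whenever the
    client offered it, unless the policy forbids it."""
    if client_tb is None:
        return ServerDecision(None, client_offered_early_data,
                              "client did not offer token_binding")
    if policy == "max_tls12" and tls_version > TLS12:
        return ServerDecision(None, client_offered_early_data,
                              "token_binding not defined for this TLS version")
    # Assumed server behaviour: pick the first parameter in server
    # preference order that the client also listed.
    chosen = next((p for p in server_supported if p in client_tb.key_parameters), None)
    if chosen is None:
        return ServerDecision(None, client_offered_early_data,
                              "no common key parameters")
    accept_early = client_offered_early_data
    note = "negotiated " + KEY_PARAM_NAMES.get(chosen, str(chosen))
    if policy == "forbid_both" and client_offered_early_data:
        accept_early = False  # keep Token Binding, decline the 0-RTT offer
        note += "; 0-RTT declined because token_binding was negotiated"
    # Simplification: echo the client's version rather than negotiating it.
    return ServerDecision(
        TokenBindingParameters(client_tb.major, client_tb.minor, [chosen]),
        accept_early, note)


if __name__ == "__main__":
    # Constructed sample: a client offering version 1.0, ecdsap256 then rsa2048_pkcs1.5.
    sample = encode_token_binding(TokenBindingParameters(1, 0, [2, 0]))
    client = parse_token_binding(sample)
    for policy in ("forbid_both", "max_tls12"):
        d = negotiate(TLS13, client, True, [2, 1, 0], policy)
        print(policy, d.token_binding, d.accept_early_data, d.note)
```

Running the block shows the trade-off directly: under option 1 the TLS 1.3 client gets Token Binding but loses its 0-RTT offer, while under option 2 the same client keeps 0-RTT but the server stays silent on token_binding until a later draft defines the TLS 1.3 behaviour.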