Re: [Unbearable] Switching exporters for 0-RTT Token Binding

Benjamin Kaduk <kaduk@mit.edu> Sat, 06 May 2017 18:04 UTC

Date: Sat, 06 May 2017 13:04:32 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Nick Harper <nharper@google.com>
Cc: Andrei Popov <Andrei.Popov@microsoft.com>, IETF Tokbind WG <unbearable@ietf.org>
Message-ID: <20170506180431.GY30306@kduck.kaduk.org>
References: <CACdeXiLF3G8tBO5z5L2mfe5N-kYMv_4TNFS2_0YdecquMM_kuw@mail.gmail.com> <20170420020846.GY30306@kduck.kaduk.org> <CACdeXiLPb-QwLhG89ahV_q8q3n16jA+WEnsTzKTAyMtYcVF4Pw@mail.gmail.com> <SN1PR21MB0096D78DF3E9C07B23DC76078C100@SN1PR21MB0096.namprd21.prod.outlook.com> <20170428021355.GY30306@kduck.kaduk.org> <CACdeXiLGL7ejX00xkHPDwd1gTEaxD++QEisH9v_R=hSHJA9KJw@mail.gmail.com>
In-Reply-To: <CACdeXiLGL7ejX00xkHPDwd1gTEaxD++QEisH9v_R=hSHJA9KJw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/oozPK8TjO-3MSyGIEThIMs0954M>

On Fri, May 05, 2017 at 01:25:15PM -0700, Nick Harper wrote:
> It sounds like the consensus on this thread is that 0-RTT TB should
> use the 0-RTT exporter for the whole connection - switching exporters
> adds complexity, and no use cases have been identified where it
> provides extra value. I will update the draft to have it not switch
> exporters. Once I make the language change around switching exporters
> and also resolve the 4 issues currently open on
> https://github.com/nharper/0-rtt-token-binding/issues, I'll upload a
> new I-D.

This is not the list for the WG of which I'm chair, so it is not my
call to make, but I would worry that there was insufficient input in
the thread from which to make a claim of consensus.

Chairs, am I in the woods?

-Ben