[Unbearable] SECDIR early review of draft-ietf-tokbind-tls13-00
Stephen Kent <stkent@verizon.net> Thu, 22 March 2018 15:01 UTC
Return-Path: <stkent@verizon.net>
X-Original-To: unbearable@ietfa.amsl.com
Delivered-To: unbearable@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6113012D88D for <unbearable@ietfa.amsl.com>; Thu, 22 Mar 2018 08:01:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s2wyFQyW8fS9 for <unbearable@ietfa.amsl.com>; Thu, 22 Mar 2018 08:00:58 -0700 (PDT)
Received: from omr-m001e.mx.aol.com (omr-m001e.mx.aol.com [204.29.186.1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEDB712D88A for <unbearable@ietf.org>; Thu, 22 Mar 2018 08:00:57 -0700 (PDT)
Received: from mtaout-maa01.mx.aol.com (mtaout-maa01.mx.aol.com [172.26.222.141]) by omr-m001e.mx.aol.com (Outbound Mail Relay) with ESMTP id 9FCA338000B9; Thu, 22 Mar 2018 11:00:56 -0400 (EDT)
Received: from iMac-Study.fios-router.home (0x694d61632d53747564792e66696f732d726f757465722e686f6d65 [108.49.30.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mtaout-maa01.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id 21D1A38000086; Thu, 22 Mar 2018 11:00:56 -0400 (EDT)
To: secdir@ietf.org, nharper@google.com, leifj@sunet.se, uta@ietf.org, unbearable@ietf.org, Eric Rescorla <ekr@rtfm.com>
From: Stephen Kent <stkent@verizon.net>
Message-ID: <7e489950-5f18-9ea8-5c49-d8e175a5606f@verizon.net>
Date: Thu, 22 Mar 2018 11:00:55 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------68289448CC69AA43AF0D7243"
Content-Language: en-US
x-aol-global-disposition: G
x-aol-sid: 3039ac1ade8d5ab3c5283f81
X-AOL-IP: 108.49.30.217
Archived-At: <https://mailarchive.ietf.org/arch/msg/unbearable/smeH2hb8zaFfBa6IoBDX5Jss5tg>
Subject: [Unbearable] SECDIR early review of draft-ietf-tokbind-tls13-00
X-BeenThere: unbearable@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "\"This list is for discussion of proposals for doing better than bearer tokens \(e.g. HTTP cookies, OAuth tokens etc.\) for web applications. The specific goal is chartering a WG focused on preventing security token export and replay attacks.\"" <unbearable.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/unbearable>, <mailto:unbearable-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/unbearable/>
List-Post: <mailto:unbearable@ietf.org>
List-Help: <mailto:unbearable-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/unbearable>, <mailto:unbearable-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Mar 2018 15:01:00 -0000
SECDIR *early* review of draft-ietf-tokbind-tls13-00 I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.These comments were written with the intent of improving security requirements and considerations in IETF drafts.Comments not addressed in last call may be included in AD reviews during the IESG review.Document editors and WG chairs should treat these comments just like any other last call comments. This (very brief) document defines how to negotiate Token Binding for TLS v1.3. Existing IETF documents (IDs) define this protocol and how to negotiate it capability only for earlier versions of TLS. The first question that comes to mind is why there is a need for a new ID, instead of adding text to draft-ietf-tokbind-negotiation-10. I realize that draft-ietf-tokbind-negotiation-10 is in last call, but the text here is so small that it seems overkill to create a separate RFC. I’m guessing that the argument is that this document references TLS 1.3, which is not yet an RFC, and thus the author is trying to avoid creating a down reference problem with draft-ietf-tokbind-negotiation-10. Right? Section 2 notes that the format of the extension is the same as defined in draft-ietf-tokbind-negotiation-10, so nothing new there. The section cites two differences from the behavior in draft-ietf-tokbind-negotiation-10, which are described in just two sentences. Section 3 adds one paragraph to deal with 0-RTT, a TLS 1.3 feature not present in earlier versions.Section 4 is non-normative, but, presumably useful. The security concerns are asserted to be the same as for draft-ietf-tokbind-negotiation-10, plus a sentence discussing why the 0-RTT exclusion avoids other potential security concerns. So, if folks don’t want to delay publication of draft-ietf-tokbind-negotiation-10, I guess this is OK as a separate document, updating that RFC.
- [Unbearable] SECDIR early review of draft-ietf-to… Stephen Kent
- Re: [Unbearable] SECDIR early review of draft-iet… Nick Harper