Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-email-deep-09: (with COMMENT)
Keith Moore <moore@network-heretics.com> Wed, 25 October 2017 22:48 UTC
Return-Path: <moore@network-heretics.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16CC713A41A; Wed, 25 Oct 2017 15:48:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.619
X-Spam-Level:
X-Spam-Status: No, score=-2.619 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SxdJwskWAeNS; Wed, 25 Oct 2017 15:48:52 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 746D113A1C7; Wed, 25 Oct 2017 15:48:52 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id B481722674; Wed, 25 Oct 2017 18:48:51 -0400 (EDT)
Received: from frontend1 ([10.202.2.160]) by compute6.internal (MEProxy); Wed, 25 Oct 2017 18:48:51 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=BWXqoImKQgyI+xjr6P/srhZ5JHtn5 +xHitZCPGw1Q7A=; b=WrqSbQcWMdFJJ9B6R2QoBKPmEZ2DrtsZNsVBjAXUAQGTx LJiVcDs6alaTXUrqPfR2qkdGdCcqAOXQUoaCfzUGk78KDIBrx049ww2k8jN9VOnr pDSJ6nNqenrADvhN5Kfsf8pDEK/wTdchKAV/vaPq7mSxlz0vMAOZra7mHTiNfHxx g3893Eh6SUNui41I8fB46y8+TxpYByDd9WuN0qx6h7zdfr8fsQgxfXdoCp5qpy8U rdVt49wQ1sXwlXRIuKg08simAnJ0Xo/y/y/0tK/UEeU9TIrVenGWUIxGAIO9xKRS 49+tEdprNqb18t2Y/plTcDHsqct/RI9I0pTfgekXA==
X-ME-Sender: <xms:0xTxWebbNnUJHdwD_e5XkMUEYvyscStKdAWHeEkejtXc083zJlvu8Q>
Received: from [192.168.1.66] (108-221-180-15.lightspeed.knvltn.sbcglobal.net [108.221.180.15]) by mail.messagingengine.com (Postfix) with ESMTPA id 911E27F955; Wed, 25 Oct 2017 18:48:50 -0400 (EDT)
To: Eric Rescorla <ekr@rtfm.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-uta-email-deep@ietf.org, uta-chairs@ietf.org, Leif Johansson <leifj@sunet.se>, "uta@ietf.org" <uta@ietf.org>
References: <150852235551.15416.1247335476327491501.idtracker@ietfa.amsl.com> <98fddd93-a0a8-efa3-ce2e-530449ae536c@network-heretics.com> <CABcZeBP47cwBGcKGuNAAX7PC91_hjEHrLrN-6U1VrX8+GiG=Sw@mail.gmail.com>
From: Keith Moore <moore@network-heretics.com>
Message-ID: <2389e1c8-6f87-5455-1c3d-8d1d05ce6bf7@network-heretics.com>
Date: Wed, 25 Oct 2017 18:48:49 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBP47cwBGcKGuNAAX7PC91_hjEHrLrN-6U1VrX8+GiG=Sw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------341BD278C7183C272827FA3D"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/6oZeJpKoRHAdD7DBRAKR7NAJmkQ>
Subject: Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-email-deep-09: (with COMMENT)
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Oct 2017 22:48:54 -0000
On 10/25/2017 06:29 PM, Eric Rescorla wrote: > > > > dh-group = ALPHA *(ALPHA / DIGIT / "_") > > > I might want to include hyphen here because "P-256" done. > > Line 405 > implementation does not know the name of the cipher suite (a > situation that should be remedied promptly), a four-digit > hexadecimal > cipher suite identifier MAY be used. The ABNF for the > field follows: > Hard to see how you could realistically get into this state... > > Chris wrote this so this is just a guess on my part: I'm > assuming there are TLS APIs out there that let the caller query > which ciphersuite is being used, but the implementation returns an > integer rather than the name, and provides no convenience routine > to look up the name text. > > > OK. Chris? > > > > Line 594 > accounts SHOULD be at least use of TLS version 1.1 or > greater, and > successful validation of the server's certificate. > (Future revisions > to this specification may raise these requirements or impose > This second requirement is more important. > > > Agree, or at least I think I do (are MiTM attacks taking advantage > of no or weak cert validation really more of a threat than attacks > on TLS < 1.1 protocol or ciphersuites? yeah, I could see that.). > > > No, they're not. > > But I certainly want implementors to pay more attention to cert > validation. > > I'm not sure what change to the text you had in mind, but I > reversed the order to put cert validation first. > > > I think that success validation needs to be a MUST. Ah, now I understand. Changed to MUST validate + SHOULD TLS >= 1.1. > Line 781 > or interception; this is not intended to mitigate active > attackers > who have compromised service provider systems. > IMPORTANT: Client auth with TLS 1.2 reveals the user's > identity. This is a > privacy issue, and so we need to note it. The options here are > not great with < > 1.3 because renegotiation is also bad, so I'm not suggesting a > normative > change, but I think the doc needs to be clear. > > > Added a paragraph: > > Implementors should be aware that use of client certificates with TLS > 1.2 likely reveals the user's identity to the server and therefore may > compromise the user's privacy. There seems to be no easy fix other > than to avoid presenting client certificates except when specifically > configured to do so. > > > The issue here is that it exposes it not to the server (though it > does) but to anyone on the > wire. This is actually better with TLS 1.3. ok, clarified the paragraph that I wrote. Keith
- [Uta] Eric Rescorla's Yes on draft-ietf-uta-email… Eric Rescorla
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Keith Moore
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Alexey Melnikov
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Eric Rescorla
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Keith Moore
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Chris Newman
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Keith Moore
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Eric Rescorla
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Keith Moore
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Eric Rescorla
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Chris Newman
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Eric Rescorla
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Eric Rescorla
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Chris Newman
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Keith Moore
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Keith Moore
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Chris Newman
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-e… Alexey Melnikov