IETF Logo Mail Archive

Re: [Uta] Robert Wilton's Discuss on draft-ietf-uta-rfc7525bis-09: (with DISCUSS and COMMENT)

Peter Saint-Andre <stpeter@stpeter.im> Thu, 14 July 2022 15:06 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59A14C147930; Thu, 14 Jul 2022 08:06:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.128
X-Spam-Level:
X-Spam-Status: No, score=-2.128 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=stpeter.im header.b=nqbatTg8; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=THLRM1m9
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VcTiHtOSAdwt; Thu, 14 Jul 2022 08:06:44 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87A2CC14792E; Thu, 14 Jul 2022 08:06:43 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id E14AF5C00F8; Thu, 14 Jul 2022 11:06:40 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Thu, 14 Jul 2022 11:06:40 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stpeter.im; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm1; t=1657811200; x= 1657897600; bh=v1G4Dpp4y+QYa1y7FZ4UG1aSVXsAztZawmZzktNiilQ=; b=n qbatTg8fTs3DIrNYKimZdSVadrn3eb5ZHzBSHuspRD+IVaxL6oH6kaUD61lOv/Sp 4Y+NfQ/p/hiTLdXR8NXURNFJMoySLmUyzQtEQz9rV8OYuxSL4P+HtoVgt5W5eDeB 9U8A5NPuakreyriSGlqzNQ6xc3PmmLGug9V8n28gpEofIAHOj6iPNS+CcY6idDGb DvX++5JZBwfKkk+LYKSPFm38bIckYXJ0d5QJvSQBRLd7HSCvcl/LGWmsvCP6pRuZ gmWVi8WQdCfVn8eIwxB+6Tw2xazeqo4YOUpj4IhwDEk5dAWzezRACkK8DRdPojax hGe9ywDv1M3ifwyAuGw/w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1657811200; x= 1657897600; bh=v1G4Dpp4y+QYa1y7FZ4UG1aSVXsAztZawmZzktNiilQ=; b=T HLRM1m9EuxEt+Ing6ck2gyEX+jE8deZAJ0Y++eOqd2zdBoCaQHFgX1oM4LZMD7lu wtYWDolL1kck4othsD4BGfXgFPVtjp0Bv5uxcmM0h782rNM1pIrysTpkyHZSF9o/ MswCpPCU2/d6+EZnYEAGnpCCr5pOSRrveTTfgyY4MCGYniSDrC/YwlcscSDih6P4 dhTIVz+ORneNRQJw1Ws6cspfTCKp/ARwGtixmt1my9KFBC+E1c+wvVrJnJO9J8Pe 30UPqdcsaNUwZFsDVd3su7shNme+eHiNQwTc1Rgf5KnKotKfCys5Q2FKx5M12dli oulOLoMAD03QFwMwKpDRQ==
X-ME-Sender: <xms:ADHQYgW29bRdE-JiCuPyHw1JyDNt4it6AJbIua7HK5Hoybcrx9gJJA> <xme:ADHQYkkauThaQ_8WiaNRqGWUzYslqPBPFjgtKDwk-GEWiegoRMLyhThM0Cl9_7XIi 3csIcf6CjuiyT5PTQ>
X-ME-Received: <xmr:ADHQYkYfGvWdcu0_jmnCoOzfhirkFr2K0WtULuCRNEK9Q3LAhlLnKPjJ4aeY>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudejledgkeegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepkfffgggfuffvvehfhfgjtgfgsehtjeertddtfeejnecuhfhrohhmpefrvght vghrucfurghinhhtqdetnhgurhgvuceoshhtphgvthgvrhesshhtphgvthgvrhdrihhmqe enucggtffrrghtthgvrhhnpeeltdegieekleekleetudehteegkeelgffgieegjefghfeh ueeiieelheevtdehjeenucffohhmrghinhepihgvthhfrdhorhhgpdhgihhthhhusgdrtg homhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehs thhpvghtvghrsehsthhpvghtvghrrdhimh
X-ME-Proxy: <xmx:ADHQYvWgo6E9oUzVDaxmHsk6ZeybcC8pSxDsywDxBch2XMUTawIWXA> <xmx:ADHQYqlqZ-mq1Q5ptcTNUJ7z9LiKC23_KitK7aYIpdOe6lBfIFEm1Q> <xmx:ADHQYkfcjq2lK_vXpIDTSETIN3DSby31uQrCuVGb1IZbJQv6xxAVBw> <xmx:ADHQYhtQSKqJA4EZ3cwxIdmAdgPD64gUwUMB70IhEVljgdI-PYkGtA>
Feedback-ID: i24394279:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 14 Jul 2022 11:06:39 -0400 (EDT)
Message-ID: <799e5773-9fa4-b06a-38d1-138c43c5cfd9@stpeter.im>
Date: Thu, 14 Jul 2022 09:06:38 -0600
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.11.0
Content-Language: en-US
To: Robert Wilton <rwilton@cisco.com>, The IESG <iesg@ietf.org>
Cc: draft-ietf-uta-rfc7525bis@ietf.org, uta-chairs@ietf.org, uta@ietf.org, leifj@sunet.se
References: <165779144446.10023.16857085823147739769@ietfa.amsl.com>
From: Peter Saint-Andre <stpeter@stpeter.im>
In-Reply-To: <165779144446.10023.16857085823147739769@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/ApssyvDWxgMud7KKNw215s95lUY>
Subject: Re: [Uta] Robert Wilton's Discuss on draft-ietf-uta-rfc7525bis-09: (with DISCUSS and COMMENT)
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jul 2022 15:06:48 -0000

Hi Robert, thanks for the review. Comments inline.

On 7/14/22 3:37 AM, Robert Wilton via Datatracker wrote:
> Robert Wilton has entered the following ballot position for
> draft-ietf-uta-rfc7525bis-09: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
> for more information about how to handle DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-uta-rfc7525bis/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> Hi,
> 
> Thanks for this document, I think that it is a helpful update.  Disclaimer, I'm
> not a security expert, but I would like to discuss some of the RFC 2119
> constraints that have been specified please:
> 
> (1)
> I find some of the 2119 language to be somewhat contradictory:
> 
>    *  Implementations MUST NOT negotiate TLS version 1.1 [RFC4346].
> 
>    *  Implementations MUST support TLS 1.2 [RFC5246] and MUST prefer to
>       negotiate TLS version 1.2 over earlier versions of TLS.
> 
> The second sentence implies that a TLS 1.2 is allowed to negotiate earlier
> versions of TLS, but a previous statement indicates that this is not allowed.
> A similar contradiction appears for DTLS:
> 
>     *  Implementations MUST NOT negotiate DTLS version 1.0 [RFC4347].
> 
>     *  Implementations MUST support DTLS 1.2 [RFC6347] and MUST prefer to
>        negotiate DTLS version 1.2 over earlier versions of DTLS.

Based on other reviews, I think we already have a fix for this:

https://github.com/yaronf/I-D/pull/447/files

> (2)
>             *  New protocol designs that embed TLS mechanisms SHOULD use only TLS
>                1.3 and SHOULD NOT use TLS 1.2; for instance, QUIC [RFC9001]) took
>                this approach.  As a result, implementations of such newly-
>                developed protocols SHOULD support TLS 1.3 only with no
>                negotiation of earlier versions.
> 
> Why is this only a SHOULD and not a MUST?  If a new protocol (rather than an
> updated version of an existing protocol) was being designed why would it be
> reasonable to design it to support TLS 1.2?  If you want to keep these as
> SHOULD rather than MUSTs then please can the document specify under what
> circumstances it would be reasonable for a new protocol design to use TLS 1.2.

Although personally I'm open to MUST here, I'd like to discuss that with 
my co-authors (one of whom is offline this week).

> (3)
>                                                             When TLS-only
>        communication is available for a certain protocol, it MUST be used
>        by implementations and MUST be configured by administrators.  When
>        a protocol only supports dynamic upgrade, implementations MUST
>        provide a strict local policy (a policy that forbids use of
>        plaintext in the absence of a negotiated TLS channel) and
>        administrators MUST use this policy.
> 
> The MUSTs feel too strong here, since there are surely deployments and streams
> of data where encryption, whilst beneficial, isn't an absolute requirement?
> 
> In addition "MUST be used by implementations and MUST be configured by
> administrators" also seem to conflict, i.e., if the implementation must use it
> then why would an administrator have to enable it?

I believe this is a duplicate of an issue that other folks have already 
raised:

https://github.com/yaronf/I-D/issues/437

> (4)
>     When using RSA, servers MUST authenticate using certificates with at
>     least a 2048-bit modulus for the public key.  In addition, the use of
>     the SHA-256 hash algorithm is RECOMMENDED and SHA-1 or MD5 MUST NOT
>     be used ([RFC9155], and see [CAB-Baseline] for more details).
> 
> So, for clarity, this would presumably mean that SHA-256 is also preferred over
> say SHA-512?  Is that the intention?  Or would it be better if the SHOULD
> allowed stronger ciphers?

I think we should probably say "SHA-256 or stronger", but again I'd like 
to see what my co-authors think.

Peter

v2.23.0 | Report a Bug | By Email