Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-07.txt
Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 27 May 2022 13:51 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C73CC237D00 for <uta@ietfa.amsl.com>; Fri, 27 May 2022 06:51:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.855
X-Spam-Level:
X-Spam-Status: No, score=-3.855 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-1.857, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OX7tl8iDmJYT for <uta@ietfa.amsl.com>; Fri, 27 May 2022 06:51:31 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2096.outbound.protection.outlook.com [40.107.22.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14481C237CF9 for <uta@ietf.org>; Fri, 27 May 2022 06:51:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jVuNbPPOy0yZtHnDbhA7iGF/ctOqx74y31VYT4/k7Qo7jLHpBaINkugA/UksqnO3lsJWSansx8uWuemwauymYaQcUCdaUQ7uhh29bAceC+JGEe1QMvppPODAMJQHz+Y0WpjantWNhzqjPc8ENcL+o+mVXhz9D1+EVY4+K24anVb37ZsEIJ1XXhhMcqGyM2RI32aCTOVyCxPeocVRMUhXeDi7MJNxlxwVPI6p0NQxcTw4SqWwWWRlG6rubBCrfkY8W3gdYwjM0UCtPej1AS0yNdSToH5PjntXFLxYbQkfayAHfIlM9xM9TnvxHi9SK3IfVxPO0vDvvI5FYFQBGSGmig==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BqH932HzewJfSAXbu7dEma+kcunaLk+1Hf0WUwkT10g=; b=O7zGC9rHVUKR5BgYrq0b/5jvi45EOZWUHGpmxcbM6XN1S8dTDXQDm9BG4STB1Wgk0i83a+565lE/QD3ape1KtVA+m1W9ecYDlApm6gGWnKzb7Qac8Huk5YND8QtZlElr7/7FpEm0/bHAanYBUTN4z98RoEYkBTD1aHgz64034ukIIOGqybDhUDxkTCYuNXiLaDH9X59LLoGJr1ueFb6Lgb+rQ53pWj0rPfzSBOASrP1dFFbB1FiTaZI2pu8pgLRtP4I5C1RpZOtKpz1BoqTQ2TXUs61Ku899eowztSsEkRnrGHjP9gYLLESaLbiVEOq+vAQE9JOffLZihCy7+RAOHg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BqH932HzewJfSAXbu7dEma+kcunaLk+1Hf0WUwkT10g=; b=YCYGFi+YFoq8tHacb0Jpiz4JfBh4Y6DKFl98Tp1tKoaHcUECWaf1Kd+8oPb6Z9lB/rbMAu+ZzJfaaqX5gWr8UykD8YmilG8HgoNGT7RuGwVhBulh6NpY2g0OQKlGD3i5xorSOfz3tw+tkh2KSZKph7JJowT6l6fTHddKAnzCQRbLpu3+JN0ytKgZEjpYVVnUjJZc9WJYYmhyYJi1KNppiUUgbiBPgb5k4U0P+HC59OT70Ym3WX0J3mEVIvR2GLv8FwVo662fVZUH2QVNSYgYyPKh4kOvNn69WYMxwZz8x6QU3WPfQ+kxjZZrw0P4jHreLvh/QlaZrY39uHJ4cxnyxQ==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by AM6PR0202MB3416.eurprd02.prod.outlook.com (2603:10a6:209:21::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5293.13; Fri, 27 May 2022 13:51:25 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::92f:cb0b:71d:b049]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::92f:cb0b:71d:b049%7]) with mapi id 15.20.5293.013; Fri, 27 May 2022 13:51:24 +0000
Message-ID: <39887905-080d-0caa-86d9-45adea8705b9@cs.tcd.ie>
Date: Fri, 27 May 2022 14:51:23 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1
Content-Language: en-US
To: uta@ietf.org
References: <165360014937.7348.791812490092301727@ietfa.amsl.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <165360014937.7348.791812490092301727@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------UcdzAQ8EmNOpBod18qXwG4ii"
X-ClientProxiedBy: DB6PR07CA0023.eurprd07.prod.outlook.com (2603:10a6:6:2d::33) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 39d55226-5bde-48b2-1fba-08da3fe7fd2e
X-MS-TrafficTypeDiagnostic: AM6PR0202MB3416:EE_
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-Microsoft-Antispam-PRVS: <AM6PR0202MB341613409E12005206609479A8D89@AM6PR0202MB3416.eurprd02.prod.outlook.com>
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: XT3o7bR4DiodhXRIwKX3Dhy9Si2XEVnIqn/COdTXXL0cev7yXOKwhn7iDevWbTMw2Ip1ZI1k1uIAWN5zSCO7AyXQpkEaXA1VrrJn/iVX3o6o59PxGKxy+edM1Zw2ZJJCP0VCFElLYjqCOZju5JCvpHqDBbv5Js3ynINlLFwhL3N3dcvptLr4nyrSeS/m99PeYCmJawYCwL7QI89az4/96QhIFnJumNtyMYoFO0Bpr9Fhnn98yAIsa5oaHsrJZSERIjAfyit+Pobj7D3ymISsahQjoGKu1OxJuELMqbu9iMbQMaBAtEccbLfeQrX2zI783zMG/90R5KwywNzYiMaSTzLuZd3FvL9hb6c/VU48NuEzzJJbOJzKANBUVV6Es4A62TXYuIGwUBuX0yLf2BDgbTXhNQnrfPETOUV/HZkHwGGPWzOZNMsPhRJ1xH416ihzCDmE9y1cnff9d5QcwqHK6hev9aAOEjdDBwy41IU2QZbdvDfmvO4+mlEbgSxVErB3QH5wt6q5lqF1gEyPZGGAAzs5eVWOR0APgA1yWTaMRoC5Q6pJ2vt1BOwiDKfl47r/zUqfffkaCCRk0oQJsSWaYsWkLtPgnt0hBa+XdVy6gxZFsBLwZ8Tv6gvo1pg5mHEOZqEg1GL1X6810e++GiQBCpuPbCkUZlDAKvOdpwZX720yrLJCRS0eylC2YeYdxYC+bGbZ3mA9qddvKd0XsZdvsFThV8LTrmdiAB5bRniUv1ZSR/0cNWhonQiqr5apu6Ie8gkeL25za2s5XMhaMYTQ38L+PZYAs/3nFZjsy1MkXI36rZ8218QTEc2Hw3MEUPlG
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(8936002)(508600001)(966005)(6486002)(316002)(6916009)(31696002)(66946007)(86362001)(66476007)(66556008)(8676002)(31686004)(6506007)(186003)(44832011)(36756003)(21480400003)(2906002)(83380400001)(26005)(5660300002)(6512007)(33964004)(786003)(235185007)(38100700002)(2616005)(43740500002)(45980500001); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: OUv/9yEnW/sWLJptwwsDObtuNQRRQrktZryV/N/2Kv8aeWfbQ+x01MkhOrRMyiDPLXGyfrSDBlA5xW9plbjLx03aVOjWH5tkfHbDJbGqpcLrE3F632LeSVcKrzso7hgNlCROn2tueInm8kPqZpD5ujyfaf8jrv8uSLL+04RIjIiduBk2Tfkt2jS7xuDgUUCH6/y3/ysFSu3JT50+qL5QlTnNCbSzVrYAUJeJQ0/y/8ZZIWRK9+LU2vkMLOXhUNoaED7tpJCGi/qCCXxcfAa99d8B0+Kf14/E0IIQcWfJ2ixFMgzpUzNm6b5j2nYQBU5KNuWzFmvhHZD/sbwot2aqkStJVpt8FnkVXkWep843pWuQQqjPn83Ms/VWOLDYzh2oke0lconsAJujWoYsl+biE3aCtC2cpdeqA6n0i7i3WMwvFZT3LhY/5K0QADVyDFtRxqqKkwYHsImQWwuMbJW/Eskvnkx8wWuZGlfNrHbElkQ2NRBaQdaDxAzIaOOA/KB2P0PPPbUt4TLboZ0RuvlBKr0IFBvAvNoPjI6h/PyIg/LAP1S5R65zXYOxksyPAB/5DmsHsLWXNGGDJTg6bp5fJuQqLljOAOowRX9aOAY53Q+bk/GaM4/Z/ylC34kN5tjVqbKhJZeE18dyOfWnzlIhMclpIgnzsuaml/MJe8wQdfUbz8EaRXpZvMC5cQYqrAL4QuTIWCtRJPFO4tyFvy56zglP5u6rYku7ABJD0exrjJrJ8hKvfXVnF9xS+AQIXxxqYrHkL/qV+EyPcMmN2ZBKPMLJ1V99GDA+O1QYrCYqA+NOHmyb8EaIJTOgS1vcNSkKnEDy0B2DJgRbc9mK//i9HrHdAK85CzwB3I/0d98+a/dE1u1rJVyO4zdLrPefNPdRQBADkGRNCV/NEbYAO6zcb7rfCcb6M8r27yZ3a/vYLW1Qwqo6GFEcn517jK7MuwgWHGKHxDeC4JdA5ZpTlkRLAPYXhDafwviPIV+eiT82m6D6GyMw8v6hO79soxRRJfkLxBCPh8Lfrv7MEO9vx+oMX1oBFav3Q/IwsTE3R85hb/WEHP8vWSkfE94j/mWgQLH1tV0UQmfR84iOaQhjl48Ra0vSI1CLYyCChPd9CErFmk885vHJGmpQlC0iTwc7ekEKMbletJ1AifrtFxesvaix3qfi7KksjyWLf3GxKXrm3mIh4nS/QbGQyCNjaYCHLsQalF2a4Ac2Z7weH3OqE2vloVOift74uBz3DAQ13ghWtUg9tvX/WD37CE8Bxln9Nf79Qa4GNzLYIAI12hzMpV08GzZN6JQJBV93xdUgE1+MytvGahQpfAeQSVcm2FmGnRnPhsGoea+4otvJobxxV0j+R8U/E23+AyfyXHh3qG4aT8LdLurq8Fi1I7wZY+onpGxA+jJ04EoIa7QivnMXQVsu4PNyGGvsxV/LXVC5r8O850opZ8SQ+4hm1lnXZB3jQccEtV9b4+vjiEVT5cVOnW509eGBZcN3PYedrQqCf5nX8Sfg9z5ZgCvSa4p5a/T0kWxuR2MbV3Q/GaFMs/CE4waLE5vonc9rqt9n6vmsDasTsfbzfC+cQRZoEZVUeOq+Aj6Q8pI+0O8eKcVewkccgIISSfy/xVYjMsKvkTlCRg/G2Vdk0WiFs223aP7B9/cGUAGP7CKIziR6L803iEDwMWq6Jjv7zVAS3gFng2ZdLC63e5WijyHapHPnKdudSMQT6bp13z7bWj4Ou+w+DLx/EHDC9A==
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: 39d55226-5bde-48b2-1fba-08da3fe7fd2e
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 May 2022 13:51:24.8531 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: h6WKjofSvL2yF3oB17ZcaQll8KENRBAzHJZTAjNOZELKHKin6erzHxtQDG28xakc
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR0202MB3416
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/g7NSJ2EhcodTOoaDl-bJz8KgwQg>
Subject: Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-07.txt
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 May 2022 13:51:37 -0000
Hiya, I had a read of this. Seems to me to be in fine shape but a couple of comments below. If those have already been discussed, apologies, and do ignore 'em. I don't think any of my comments need addressing before publication, but figured it was no harm sending 'em anyway:-) - section 3.2: I wondered why no mention of MTA-STS or DANE? Could/should we say that MTA implementations SHOULD include support for such strictness? - 4.2: there's been some cfrg [1] discussion (but not much and without so far reaching a conclusion) on deterministic signatures (RFC6979) and fault injection attacks. I wonder if we want to say anything about that? It might be worth just adding a reference that describes the problem, but I don't think we can expect the cfrg discussion to have resolved before this gets published. Those attacks are probably not that important for a typical TLS server but more interesting for small devices with TLS servers so maybe it's a bit too niche a concern to include? - 7.4: is it still true that "many TLS implementations reuse Diffie-Hellman and Elliptic Curve Diffie-Hellman exponents across multiple connections"? If not, then maybe s/many/some/ or cast the sentence into the past tense? - refs: is rfc6125 still the right reference given the -bis work? - refs: The 2015 date for the bettercrypto.org seems wrong. I guess that site has been updated since? It says 2018 on their front page anyway, but I'm not sure what'd be the right reference. Cheers, S. [1] https://datatracker.ietf.org/meeting/113/materials/slides-113-cfrg-signatures-deterministic-vs-randomized-00
- [Uta] I-D Action: draft-ietf-uta-rfc7525bis-07.txt internet-drafts
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… Yaron Sheffer
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… Martin Thomson
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… Yaron Sheffer
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… Stephen Farrell
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… Yaron Sheffer
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… John Mattsson
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… Thomas Fossati
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… Peter Saint-Andre
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… John Levine
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… Viktor Dukhovni
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… Peter Saint-Andre
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… Viktor Dukhovni
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… John R Levine
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… John Levine
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… Peter Saint-Andre
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… Viktor Dukhovni
- [Uta] Multi-Server Deployments (was: Re: I-D Acti… Peter Saint-Andre
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… John Levine
- Re: [Uta] Multi-Server Deployments (was: Re: I-D … Martin Thomson
- Re: [Uta] Multi-Server Deployments (was: Re: I-D … Peter Saint-Andre
- Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-0… Viktor Dukhovni