Re: Security Considerations




On 8/3/06, Eric Rescorla <ekr@xxxxxxxxxxxxxxxxxxxx> wrote:
Apparently I wasn't clear. I meant what if my implementation *only* supports
my new mechanism. I.e., I couldn't interoperate securely with someone who
did Basic/TLS.


Yes, that's correct. So, your implementation would not be one of the
two we count on the move to DS, unless someone else implements your
scheme. Of course, it is obvious that would occur from reading the
RFCs.

I think it would be useful to show that the mandatory-to-implement
doctrine will result in the same situation, but less obviously. Let's
say we require Basic/TLS. BigCo writes a server that supports
Basic/TLS and BigCoFederation/TLS, and they donate the project to
Apache. When BigCo deploys the server for BigCoEmail.com (millions of
users, free accounts, many gigs of storage), they turn off support for
Basic/TLS.

In other words, the implementation/deployment distinction is not of
practical consequence for the Atom Protocol. I agree that encumbered,
proprietary, possibly insecure authentication schemes are harmful to
the Internet, but the servers are in control here, and
mandatory-to-implement authentication is not a way to prevent that
harmful stuff from occurring.

I am completely confident that we will get many interoperable
implementations with my text. Do you disagree?

--

Robert Sayre