
RE: I-D ACTION:draft-ietf-sacred-framework-00.txt


Magnus,

Just two comments below.  Thanks for your responses.

> -----Original Message-----
> From: Magnus Nystrom [mailto:magnus@xxxxxxxxxxxxxxx]
> Sent: Friday, December 01, 2000 6:05 AM
> To: Mike Just
> Cc: ietf-sacred@xxxxxxx
> Subject: Re: I-D ACTION:draft-ietf-sacred-framework-00.txt
>

<.....snip.....>

> [...]
> > > - [Section 3.1, 2nd bullet] The requirement for http might be ok, but why
> > > require TLS. This gets into the argument that you mention in Section 6,
> > > regarding the (de)coupling of the credential and protocol protections. The
> > > strong password algorithms of Section 4.2 would not require TLS protection,
> > > for example.
> >
> > In this draft, we removed a few restrictions that had been suggested earlier --
> > originally HTTP over TLS was the only transport considered and was mandatory.
> > In this revision HTTP / TLS is not the only possible transport protocol.  We may
> > have to refine the wording in several additional places to make this more clear.
>
> Note also that it only says "must be able to..." - it does not
> require TLS. I agree that the memo requires some clarification in
> this respect however, e.g. Section 3.1.1, first item in the list
> should probably read something like "..., that is, when TLS is used,
> only cipher suites..."
>

[MJ] I guess that "requiring" and "being able to" aren't that different to me. Your rewording sounds fine in any case.

<.....snip.....>

> > > - [Section 7, last sentence] For this reason, I think that server
> > > authentication needs to be required (as I've also stated above).
>
> If a client authenticating to a credential server (for the purpose of
> downloading its credentials) has to reveal information which can be
> used by an attacker to get access to the client's credentials, then I
> agree. As it will likely be the case that clients do reveal some
> information of that kind, I am inclined to strengthen the "SHOULD" to
> a "MUST" - but let's revisit this when the actual protocol
> implementation is discussed.
>

[MJ] It sounds like we're on the same page. My thinking was that if I were able to successfully authenticate to a server to obtain only your protected credentials and it were completely infeasible for me to obtain your credentials from these protected credentials, then there's probably no reason to have authentication to the server in the first place. I don't think this is the case, hence the requirement for server authentication.

Mike J.
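The argument above for making server authentication a MUST can be made concrete. The following Python is an added illustration written for this archive page; it is not code from the SACRED draft, from either correspondent, or from any implementation. It models a client that proves its identity to a credential server with a password-derived authenticator, and a rogue party that, absent server authentication, simply receives that authenticator and runs an offline dictionary attack. The toy XOR "cipher", the PBKDF2 parameters, the wordlist and the placeholder private key are all constructed for the example. In the first scenario the stored credential is protected under a key derived from the same password the authenticator leaks, so the rogue server recovers the credential; in the second the credential key is independent of anything the client reveals, and the captured authenticator yields nothing.

```python
"""Constructed example: why a credential-download client must authenticate
the server. Toy cipher and sample data are made up for illustration."""
import hashlib
import hmac
import os

# Constructed inputs (not from the draft or the thread).
DICTIONARY = ["password", "letmein", "winter2000", "qwerty", "sacred"]
USER_PASSWORD = "winter2000"   # weak: it appears in the attacker's wordlist
PRIVATE_KEY = b"-----BEGIN PRIVATE KEY----- constructed placeholder -----END PRIVATE KEY-----"


def derive_key(password, salt):
    """Password-based credential-protection key (PBKDF2-HMAC-SHA256, 10k iters)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, dklen=32)


def keystream(key, n):
    """Toy CTR-style keystream from SHA-256; a stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def protect(plaintext, key):
    """Encrypt-then-MAC the credential; this is what the server stores."""
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, len(plaintext))))
    tag = hmac.new(key, ct, "sha256").digest()
    return ct, tag


def unprotect(ct, tag, key):
    """Verify the MAC, then decrypt. Returns None if the key is wrong."""
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct))))


def client_authenticator(password, salt):
    """Value the client sends to identify itself. Without server authentication
    a rogue server receives this just as the real one would."""
    return hashlib.sha256(salt + password.encode()).digest()


def rogue_server_attack(authenticator, salt, ct, tag, wordlist):
    """Attacker posing as the credential server: dictionary-attack the captured
    authenticator offline, then try the recovered password on the credential."""
    for cand in wordlist:
        if hmac.compare_digest(client_authenticator(cand, salt), authenticator):
            return unprotect(ct, tag, derive_key(cand, salt))
    return None


def scenario_coupled():
    """Credential key and authenticator come from the same weak password:
    the rogue server recovers the private key."""
    salt = os.urandom(16)
    ct, tag = protect(PRIVATE_KEY, derive_key(USER_PASSWORD, salt))
    auth = client_authenticator(USER_PASSWORD, salt)
    return rogue_server_attack(auth, salt, ct, tag, DICTIONARY)


def scenario_independent():
    """Credential protected under a key unrelated to the authenticator (here a
    random 256-bit key): the captured authenticator gives the attacker nothing."""
    salt = os.urandom(16)
    ct, tag = protect(PRIVATE_KEY, os.urandom(32))
    auth = client_authenticator(USER_PASSWORD, salt)
    return rogue_server_attack(auth, salt, ct, tag, DICTIONARY)


if __name__ == "__main__":
    print("coupled key, no server auth:", scenario_coupled() == PRIVATE_KEY)
    print("independent key, no server auth:", scenario_independent() is None)
```

The second scenario is the "completely infeasible" case from the message; note that even there the rogue server still learns the user's password, which is exactly the kind of revealed information the thread worries about. In practice a downloaded credential is protected by something the user can remember, so the first scenario is the realistic one and server authentication is what keeps the authenticator out of an attacker's hands.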