Re: Gen-ART review of draft-ietf-krb-wg-otp-preauth-18

2011-08-24 21:04:39
  <david(_dot_)black(_at_)emc(_dot_)com> writes:


    > [1] In section 6.1 at the top of p.28, I don't believe that the
    > use of lower case "recommended" is a strong enough warning about
    > the danger in using anonymous PKINIT because it exposes the OTP
    > value:

    >    It is therefore recommended that anonymous PKINIT not be used
    > with OTP algorithms that require the OTP value to be sent to the
    > KDC and that careful consideration be made of the security
    > implications before it is used with other algorithms such as those
    > with short OTP values.

    > At a minimum, that warning should be in upper-case:

    >    It is therefore RECOMMENDED that anonymous PKINIT not be used
    > with OTP algorithms that require the OTP value to be sent to the
    > KDC. In addition, the security implications should be carefully
    > considered before anonymous PKINIT is used with other algorithms
    > such as those with short OTP values.

    > Beyond that, the security issue in the first sentence may be
    > severe enough to justify a prohibition, so the following would
    > also be acceptable:

    >    Therefore anonymous PKINIT SHALL NOT be used with OTP
    > algorithms that require the OTP value to be sent to the KDC. In
    > addition, the security implications should be carefully considered
    > before anonymous PKINIT is used with other algorithms such as
    > those with short OTP values.

I definitely agree that we should use RFC 2119 language.
Note that WG participants have questioned this text in last call for
other reasons.
Many implementations use anonymous PKINIT in a mode where the KDC's
certificate is verified; that is, the client is anonymous but the KDC is
identified through a PKI.
WG participants believe (and I agree) that the security concern does not
apply at all in this case.
So, the text needs reworking.

    > [2] In section 5, the first paragraph in the IANA considerations
    > is unclear, and following its reference to section 4.1, I don't
    > see any clarifying text there either.  I think Sections 4.1 and
    > 4.2 need to say that the value of otp-algID is a URI obtained from
    > the PSKC Algorithm URI Registry, and the first paragraph in
    > section 5 should say that URIs for otp-algID are to be registered
    > in that registry, see RFC 6030.

Why should we require that alg-ids be registered URIs?  i.e. what is
wrong with me using
http://algorithms.painless-security.com/otp/best-thing-since-unsliced-bread
(or a tag URI if you like) for my OTP algorithm?
I have no problem with the IETF registering its algorithms there, or us
encouraging people to register them, but it's a URI. What purpose
is served by forcing registration?
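The distinction drawn in the reply (fully anonymous PKINIT versus a mode where the client is anonymous but the KDC's certificate is verified) can be made concrete with a small model. The following is an added illustration, not code from the draft, the thread, or any Kerberos implementation: a toy Diffie-Hellman exchange in which the client sends an OTP value under the derived key, with an optional in-path attacker. The group (a Mersenne prime with generator 5), the HMAC that stands in for the KDC certificate signature, the XOR keystream that stands in for the Kerberos reply encryption, and the sample OTP value are all constructed for the demo. It shows that an unauthenticated exchange lets the in-path party learn the OTP, while verifying the KDC's signature over its DH value causes the client to abort instead.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, chosen only so the arithmetic is readable.
# Assumption for the demo: this is NOT a real PKINIT DH group.
P = 2**127 - 1
G = 5

# Stand-in for the KDC's certificate private key. A real KDC signs its DH
# value with its certificate key and the client verifies with the public key
# after validating the chain; here an HMAC secret only the KDC holds plays
# that role (constructed for the demo).
KDC_SIGNING_SECRET = b"constructed-kdc-long-term-secret"

SAMPLE_OTP = "482913"  # constructed one-time password value


def dh_keypair():
    """Fresh ephemeral DH private/public pair in the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive_key(shared_secret: int) -> bytes:
    """Hash the DH shared secret down to a symmetric key."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy keystream cipher standing in for the Kerberos reply encryption.
    XOR is its own inverse, so the same function decrypts."""
    stream = hashlib.sha256(key + b"keystream").digest()
    return bytes(a ^ b for a, b in zip(plaintext, stream))


def kdc_sign(dh_pub: int) -> bytes:
    """KDC 'signs' its DH public value (HMAC stands in for a PKI signature)."""
    return hmac.new(KDC_SIGNING_SECRET, dh_pub.to_bytes(16, "big"),
                    hashlib.sha256).digest()


def client_verify(dh_pub: int, sig: bytes) -> bool:
    """Client's PKI check on the KDC's DH value. In real PKINIT this would be
    certificate-chain validation plus a public-key signature check."""
    return hmac.compare_digest(kdc_sign(dh_pub), sig)


def run_exchange(verify_kdc: bool, attacker_in_path: bool) -> dict:
    """Model one anonymous PKINIT exchange carrying an OTP to the KDC.

    verify_kdc       -- client checks the KDC's signature over its DH value
    attacker_in_path -- an active party substitutes its own DH value
    Returns who ended up able to read the OTP, or whether the client aborted.
    """
    kdc_priv, kdc_pub = dh_keypair()
    kdc_sig = kdc_sign(kdc_pub)

    if attacker_in_path:
        att_priv, att_pub = dh_keypair()
        pub_seen_by_client = att_pub
        # The in-path party has no KDC signing key, so any signature it
        # attaches to its own DH value is bogus.
        sig_seen_by_client = hmac.new(b"not-the-kdc-key",
                                      att_pub.to_bytes(16, "big"),
                                      hashlib.sha256).digest()
    else:
        pub_seen_by_client, sig_seen_by_client = kdc_pub, kdc_sig

    if verify_kdc and not client_verify(pub_seen_by_client, sig_seen_by_client):
        # KDC-authenticated mode: the substituted value fails verification,
        # so the client never sends the OTP under a key the attacker shares.
        return {"client_aborted": True, "attacker_learned_otp": False,
                "kdc_received_otp": False}

    cli_priv, cli_pub = dh_keypair()
    client_key = derive_key(pow(pub_seen_by_client, cli_priv, P))
    ciphertext = seal(client_key, SAMPLE_OTP.encode())

    if attacker_in_path:
        # Fully anonymous mode: the attacker completed DH with the client and
        # holds the same key, so the OTP value is exposed to it.
        att_key = derive_key(pow(cli_pub, att_priv, P))
        recovered = seal(att_key, ciphertext).decode(errors="replace")
        return {"client_aborted": False,
                "attacker_learned_otp": recovered == SAMPLE_OTP,
                "kdc_received_otp": False}

    kdc_key = derive_key(pow(cli_pub, kdc_priv, P))
    received = seal(kdc_key, ciphertext).decode(errors="replace")
    return {"client_aborted": False, "attacker_learned_otp": False,
            "kdc_received_otp": received == SAMPLE_OTP}


if __name__ == "__main__":
    for verify in (False, True):
        for mitm in (False, True):
            print(f"verify_kdc={verify!s:5} attacker_in_path={mitm!s:5} ->",
                  run_exchange(verify, mitm))
```

The four combinations printed by the block line up with the reply's point: the OTP is exposed only when the KDC is not authenticated and someone sits in the path; once the client verifies the KDC's signed DH value, the substitution is detected and the OTP is never released under the attacker's key.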