Re: [Gen-art] Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07

2016-12-01 Thread Michiko Short
Subject: Re: [Gen-art] Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07

Many thanks for your review, Russ, and for thinking about this space and what issues there might be. I too am concerned about the issue that Russ Housley raised: bad practices in creating the freshness tokens create

Re: [Gen-art] Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07

2016-12-01 Thread Jari Arkko
Many thanks for your review, Russ, and for thinking about this space and what issues there might be. I too am concerned about the issue that Russ Housley raised: bad practices in creating the freshness tokens create a security issue. If this cannot be handled in the way that Russ initially sug

Re: [Gen-art] Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07

2016-11-30 Thread Benjamin Kaduk
On Mon, Nov 28, 2016 at 09:53:35PM +, Paul Miller (NT) wrote:
> Minimum length is a problematic topic due to the fact that we intentionally
> did not specify the format of the freshness token. Since the structure of
> the freshness token is left up to the KDC, there is no good way to determi

Re: [Gen-art] Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07

2016-11-30 Thread Michiko Short
Russ, is there an accepted value for a worst case CMS signature?

-----Original Message-----
From: Paul Miller (NT)
Sent: Monday, November 28, 2016 1:54 PM
To: Michiko Short; Russ Housley; draft-ietf-kitten-pkinit-freshness@ietf.org
Cc: IETF Gen-ART
Subject: RE: Gen-ART Review of draft-iet

Re: [Gen-art] Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07

2016-11-28 Thread Paul Miller (NT)
Minimum length is a problematic topic due to the fact that we intentionally did not specify the format of the freshness token. Since the structure of the freshness token is left up to the KDC, there is no good way to determine a minimum size. If the freshness token is a nonce then the size is

Re: [Gen-art] Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07

2016-11-28 Thread Michiko Short
The size issue is a big one for this late in the process as it never came up before. We would have to bring it up to the WG for discussion. Is this required? Happy to submit an updated version with the client & KDC flipped, first reference of KDC in abstract spelled out, and 2.1 PA_AS_FRESHNES

[Gen-art] Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07

2016-11-27 Thread Russ Housley
I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please wait for direction from your document shepherd or AD before posting a new version of the draft. For more information, please s