>>>>> <david.black@xxxxxxx> writes: > [1] In section 6.1 at the top of p.28, I don't believe that the > use of lower case "recommended" is a strong enough warning about > the danger in using anonymous PKINIT because it exposes the OTP > value: > It is therefore recommended that anonymous PKINIT not be used > with OTP algorithms that require the OTP value to be sent to the > KDC and that careful consideration be made of the security > implications before it is used with other algorithms such as those > with short OTP values. > At a minimum, that warning should be in upper-case: > It is therefore RECOMMENDED that anonymous PKINIT not be used > with OTP algorithms that require the OTP value to be sent to the > KDC. In addition, the security implications should be carefully > considered before anonymous PKINIT is used with other algorithms > such as those with short OTP values. > Beyond that, the security issue in the first sentence may be > severe enough to justify a prohibition, so the following would > also be acceptable: > Therefore anonymous PKINIT SHALL NOT be used with OTP > algorithms that require the OTP value to be sent to the KDC. In > addition, the security implications should be carefully considered > before anonymous PKINIT is used with other algorithms such as > those with short OTP values. I definitely agree that we should use RFC 2119 language. Note that WG participants have questioned this text in last call for other reasons. Many implementations use anonymous pkinit in a mode where the KDC's certificate is verified--that is the client is anonymous but the KDC is identified through a PKI. WG participants believe (and I agree) that the security concern does not apply at all in this case. So, the text needs reworking. > [2] In section 5, the first paragraph in the IANA considerations > is unclear, and following its reference to section 4.1, I don't > see any clarifying text there either. I think Sections 4.1 and > 4.2 need to say that the value of otp-algID is a URI obtained from > the PSKC Algorithm URI Registry, and the first paragraph in > section 5 should say that URIs for otp-algID are to be registered > in that registry, see RFC 6030. Why should we require that alg-ids be registered URIs? I.E. what is wrong with me using http://algorithms.painless-security.com/otp/best-thing-since-unsliced-bread (or a tag URI if you like) for my OTP algorithm? I have no problem with the IETF registering its algorithms there, or us encouraging people to register them them, but it's a URI. What purpose is served by forcing registration? _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf