OK, since the answer is not obvious, starting a thread on Kitten.
From: Jari Arkko [mailto:jari.ar...@piuha.net]
Sent: Thursday, December 1, 2016 1:30 AM
To: Benjamin Kaduk <ka...@mit.edu>
Cc: Paul Miller (NT) <pau...@microsoft.com>; Michiko Short
<michi...@microsoft.com>; IETF Gen-ART <email@example.com>;
Subject: Re: [Gen-art] Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07
Many thanks for your review, Russ, and for thinking about this space and what
issues there might be.
I too am concerned about the issue that Russ Housley raised: bad practices in
creating the freshness tokens create a security issue. If this cannot be
handled in the way that Russ initially suggested (setting a minimum number of
bits) then a proper discussion of the issue and recommendations to avoid the
problems need to be included in the security considerations section.
I fully recognise the point from the authors that different styles of creating
the tokens result in different implications, and that setting a mere minimum
number of bits may not be appropriate.