Ok, since answer not obvious starting thread on Kitten. 

-----Original Message-----
From: Jari Arkko [mailto:jari.ar...@piuha.net] 
Sent: Thursday, December 1, 2016 1:30 AM
To: Benjamin Kaduk <ka...@mit.edu>
Cc: Paul Miller (NT) <pau...@microsoft.com>; Michiko Short 
<michi...@microsoft.com>; IETF Gen-ART <gen-art@ietf.org>; 
Subject: Re: [Gen-art] Gen-ART Review of draft-ietf-kitten-pkinit-freshness-07

Many thanks for your review, Russ, and for thinking about this space and what 
issues there might be.

I too am concerned about the issue that Russ Housley raised: bad practices in 
creating the freshness tokens creates a security issue. If this cannot be 
handled in the way that Russ initially suggested (setting a minimum number of 
bits) then a proper discussion of the issue and recommendations to avoid the 
problems need to be included in the security considerations section.

I fully recognise the point from the authors that different styles of creating 
the tokens result in different implications, and that setting a mere minimum 
number of bits may not be appropriate.


Gen-art mailing list

Reply via email to