IETF Logo Mail Archive

Re: [abfab] [Sam Hartman] comments on draft-ietf-abfab-arch

Sam Hartman <hartmans@painless-security.com> Tue, 24 September 2013 03:38 UTC

Return-Path: <hartmans@painless-security.com>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12CC221F9D39 for <abfab@ietfa.amsl.com>; Mon, 23 Sep 2013 20:38:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zi8Cnrb9ODSE for <abfab@ietfa.amsl.com>; Mon, 23 Sep 2013 20:38:37 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) by ietfa.amsl.com (Postfix) with ESMTP id 694D921F9D3A for <abfab@ietf.org>; Mon, 23 Sep 2013 20:38:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 307752043C; Mon, 23 Sep 2013 23:12:22 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KtpMsU-oPZRb; Mon, 23 Sep 2013 23:12:09 -0400 (EDT)
Received: from carter-zimmerman.suchdamage.org (unknown [50.136.31.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Mon, 23 Sep 2013 23:12:09 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id E62718833F; Mon, 23 Sep 2013 23:12:16 -0400 (EDT)
From: Sam Hartman <hartmans@painless-security.com>
To: David Chadwick <d.w.chadwick@kent.ac.uk>
References: <tsl61ug7n72.fsf@mit.edu> <052301ceb814$54e4caa0$feae5fe0$@augustcellars.com> <523FE430.4040106@kent.ac.uk> <tsl61trg1jz.fsf@mit.edu> <5240AA1C.3060409@kent.ac.uk>
Date: Mon, 23 Sep 2013 23:12:16 -0400
In-Reply-To: <5240AA1C.3060409@kent.ac.uk> (David Chadwick's message of "Mon, 23 Sep 2013 21:52:44 +0100")
Message-ID: <tsl1u4eap67.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: Jim Schaad <ietf@augustcellars.com>, 'Sam Hartman' <hartmans-ietf@mit.edu>, abfab@ietf.org
Subject: Re: [abfab] [Sam Hartman] comments on draft-ietf-abfab-arch
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/abfab>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Sep 2013 03:38:53 -0000

>>>>> "David" == David Chadwick <d.w.chadwick@kent.ac.uk> writes:
    David> Hi Sam
    David> On 23/09/2013 13:33, Sam Hartman wrote:
    >>>>>>> "David" == David Chadwick <d.w.chadwick@kent.ac.uk> writes:
    >> 
    >> 
    >> I do not support this change.

    David> Which change do you not support a) saying that this is a
    David> major deficiency in existing federated systems b) saying that
    David> Abfab should fix this c) both


    >> 


I do not support either change.
I'd be comfortable adding a statement that the ABFAB architecture does
not provide a specific way for the user to inform the IDP about the
user's requirements for attribute releases.
Whether that's a major deficiency depends on what you're doing.
I agree there are cases where it is.

    >> 
    >> I'd argue that trying to fix the concent problem in a general
    >> manner at the federation layer may have done more harm over the
    >> years than the privacy problem that is trying to be addressed.

    David> Actually in my previous research we fixed this in a layer
    David> above the federation layer, which we called the attribute
    David> aggregation layer. So I agree that it is best to not fix it
    David> in the federation layer.

    >> 
    >> 
    David> iii) I dont buy into your whiteboard example of single entity
    David> authentication, because a hacked whiteboard could trick the
    David> user into opening the wrong file, which could be disasterous
    David> during an important business meeting. SO mutual
    David> authentication is needed here as well. If you want an example
    David> where mutual authentication is not important, its one where
    David> either the information being accessed is of very little value
    David> to the accessor so that it does not matter if it is erroneous
    David> information or not, or one where it does not matter who the
    David> accessor is i.e. its public information.
    >> 
    >> Most of the tools I'm familiar with for screen sharing etc would
    >> not allow the white board to pick the presentation/file.

    David> Meaning that the user sends an already chosen file to the
    David> whiteboard?  In which case I agree with you.

Exactly.
So, let's make it clear that it's critical that the user's software not
trust input from the white board without mutual authentication.

--Sam

v2.23.0 | Report a Bug | By Email