[abnf-discuss] FW: [urn] Informal NID registration interest

Francesca Palombini <francesca.palombini@ericsson.com> Tue, 30 March 2021 13:49 UTC

From: Francesca Palombini <francesca.palombini@ericsson.com>
To: "abnf-discuss@ietf.org" <abnf-discuss@ietf.org>
CC: "kate@aerobatt.com" <kate@aerobatt.com>
Date: Tue, 30 Mar 2021 13:48:54 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/abnf-discuss/rtJ1jIWZ-m4cX5OMFfg-elq9EXs>

Hi all,

The URN mailing list just got this registration request, which contains ABNF - if any of the ABNF experts has time to review it, I think it would be helpful to the author (in CC).

Francesca

---
https://mailarchive.ietf.org/arch/msg/urn/RiNCn4BYeY6xoilYpiGdDBUd0QQ/ 

[urn] Informal NID registration interest
Kate Gray Sun, 28 March 2021 09:01 UTC

Hello,

I am interested in registering an informal NID for URNs.

I have attempted to fill out the template as requested.  I apologize if I screwed up somewhere; this is my first time doing this.

Namespace Identifier: Assigned by IANA (informal)

Version: 1

Date: 2021-03-28

Registrant:
    Kate Gray <kate@codebykate.com>
    340 S Lemon Ave #5926
    Walnut, CA 91789 USA

Purpose:
    The purpose of this NID is to provide a Uniform Resource Name representing
    derived keys within a card issuance scheme.  Specifically, they provide a
    path within a hierarchical tree representing implementers (referred to as
    tenants within the system), card issuers (e.g. Universities), optional sub-
    issuers (e.g. Departments), and individual keys within a card (used for
    different purposes).

    These URNs will be used by card manufacturers (to preload data for issuers),
    as well as issuers and users to refer to the cards and keys throughout the
    card lifecycle.  Good security practices require the use of diversified
    (per-card) keys, so that an attacker who defeats the security on a card will
    not have the keys required to attack other cards within the system.

    A cryptographic module (generally a smart card) can be pre-provisioned with
    the issuer keys, and the URN for a given key provided to it.  With this
    information and cryptographic keying material, the appropriate keys can be
    derived, without the host needing to know the issuer keys.

    While this URN will be implemented into software (including open source
    software), and published to permit others within the industry to
    interoperate, it is not expected to become a formal standard, or to be
    publicly resolvable.  The general use will be between actors in a card
    issuance scheme, for purposes like enabling a vending machine to derive a
    balance update key for a stored balance wallet on a card, or for a help
    desk agent to determine the Personal Unblocking Key (PUK) for a user that
    has lost their PIN.

Syntax:

  All URNs defined under the namespace have the following structure,
  specified in RFC 7405 ABNF notation[1]:

    ; Core rules DIGIT and HEXDIG are those of RFC 5234, Appendix B.1.
    ; This rule spells out the complete URN (scheme, NID and NSS).
    NSS                = %s"urn:" NID ":" TenantId "@" TenantVersion ":"
                         IssuerId "@" IssuerVersion ":" Purpose "@"
                         PurposeVersion "/" ResourceId "@" ResourceKeyVersion
    ; Informal NIDs are "urn-" followed by the decimal number IANA assigns
    ; (RFC 8141, Section 5.2). ABNF has no "-" exclusion operator, so the
    ; earlier "urn" - DIGIT form was not valid ABNF.
    NID                = "urn-" 1*DIGIT
    TenantId           = 3*(label)
    TenantVersion      = version
    ; One to three ":"-separated components (issuer, optional sub-issuers).
    IssuerId           = 3*(label) / 3*(label) ":" 3*(label) / 3*(label) ":" 3*(label) ":" 3*(label)
    IssuerVersion      = version
    Purpose            = 3*(alphanum / other)
    PurposeVersion     = version
    ResourceId         = 1*(alphanum / other)
    ResourceKeyVersion = version
    ; A label starts with a lowercase letter and may contain "-" only internally.
    label              = loalpha / loalpha *(alphanum / "-") alphanum
    ; Exactly two hexadecimal digits.
    version            = 2*2(HEXDIG)
    alphanum           = loalpha / DIGIT
    loalpha            = %x61-7A
    other              = "-" / "_"

    As the full string of the URN is used as an input to the Key Derivation
    Function, equivalent URNs are impossible.  As such, the equivalency rules
    consist of bit-by-bit comparisons (Simple String Comparison).

Assignment:

    Registration within this NID is private.

    Implementers will register a Tenant ID, and be responsible for issuers and
    sub-issuers within their card issuance tenancy.  The web site will be
    responsible for ensuring that Tenant IDs are unique.

    Uniqueness will be guaranteed through a combination of statistical and
    database-based methods.  For example, when issuing management for PIV cards,
    the keying material used includes a UUID that is guaranteed mathematically to
    be unique.  In contrast, when deriving GlobalPlatform keys (which use a 10
    byte unique ID for the card), issuers will be responsible for keeping a
    record of all such cards issued and ensuring there are no duplicate IDs.

    Because each issuer is at a unique path within the hierarchical tree,
    uniqueness is guaranteed as long as they take care not to issue duplicate
    cards within their own subtree.

Security and Privacy:

    As these identifiers will be used in the generation of cryptographic keys,
    their opacity does serve to provide a degree of "security through obscurity"
    for attackers looking to compromise the cards.  The loss of that obscurity
    (for example, if an attacker is able to find a user's card ID in the browser
    history) in theory represents a slight loss of security for the user.

    Keys for this system will be stored in Hardware Security Modules (HSMs), and
    configured such that the actual keying material for that level never leaves
    the cryptographic envelope.  Through the use of hash functions that provide
    strong cryptographic guarantees, and hardware security on the keys
    themselves, there is no need for the identifiers to be private, and no risk
    to the user should an attacker somehow gain access to his identifier without
    having additionally compromised the HSM or a machine connected to the HSM.

    In a broader sense, the point of this card issuance scheme is to facilitate
    the issuance of privacy-protecting and security-enhancing credentials to
    individuals within organizations.  Such cards permit strong authentication,
    as well as multi-factor logins that are resistant to phishing and which
    enable mutual authentication from the server level.  As such, the net effect
    on Privacy and Security will be positive.

Interoperability:

    The author is not aware of any potential conflicts with this namespace, and
    given the rather tightly coupled nature of the identifier with the
    implementation, any overlapping areas of concern for other systems should
    not present interoperability issues, as there will be no operability.

Resolution:

    Resolution mechanisms are not intended or anticipated for this namespace.
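As an added example (not part of the registration request or of this forward), the Syntax section's ABNF transcribed into a Python validator, together with a constructed sketch of the per-card key diversification the Purpose section describes. It assumes that 3*(label) means one label of at least three characters, that the NID takes the RFC 8141 informal "urn-" number form, and it uses HMAC-SHA256 as a stand-in KDF and "urn-99" as a placeholder for the IANA-assigned number.

```python
"""Validator and key-diversification sketch for the key URN format in the request."""
import hashlib
import hmac
import re
from typing import Optional

# Regex transcribed from the request's ABNF. Assumptions (not from the request):
#  - 3*(label) is read as one lowercase-led label of at least three characters;
#  - NID takes the informal "urn-" 1*DIGIT form of RFC 8141 section 5.2.
LABEL3 = r"[a-z][a-z0-9-]+[a-z0-9]"          # loalpha, middle, alphanum: >= 3 chars
VERSION = r"[0-9A-Fa-f]{2}"                  # version = 2*2(HEXDIG)
URN_RE = re.compile(
    rf"urn:(?P<nid>urn-[0-9]+):"             # %s"urn:" is case-sensitive
    rf"(?P<tenant>{LABEL3})@(?P<tenant_ver>{VERSION}):"
    rf"(?P<issuer>{LABEL3}(?::{LABEL3}){{0,2}})@(?P<issuer_ver>{VERSION}):"
    rf"(?P<purpose>[a-z0-9_-]{{3,}})@(?P<purpose_ver>{VERSION})/"
    rf"(?P<resource>[a-z0-9_-]+)@(?P<resource_ver>{VERSION})"
)

def parse_urn(urn: str) -> Optional[dict]:
    """Return the named fields of a well-formed key URN, or None if it does not match."""
    m = URN_RE.fullmatch(urn)
    return m.groupdict() if m else None

def equivalent(a: str, b: str) -> bool:
    """Simple String Comparison: byte-for-byte, no case folding or normalisation."""
    return a.encode("utf-8") == b.encode("utf-8")

def derive_card_key(issuer_key: bytes, urn: str) -> bytes:
    """Diversify a per-card key from the issuer key with the whole URN as KDF input.

    HMAC-SHA256 stands in for the KDF (the request does not name one). The point
    shown is that each card/key path yields a distinct derived key, so recovering
    one card's key does not expose its siblings. Malformed URNs are rejected first.
    """
    if parse_urn(urn) is None:
        raise ValueError(f"not a valid key URN: {urn!r}")
    return hmac.new(issuer_key, urn.encode("utf-8"), hashlib.sha256).digest()

# Constructed sample values; "urn-99" is a placeholder for the IANA-assigned number.
CARD_A = "urn:urn-99:acme@01:stateu:physics@02:wallet@01/0123456789abcdef@01"
CARD_B = "urn:urn-99:acme@01:stateu:physics@02:wallet@01/0123456789abcdee@01"
ISSUER_KEY = bytes.fromhex("00" * 32)  # placeholder only; a real issuer key lives in the HSM

if __name__ == "__main__":
    print(parse_urn(CARD_A))
    print(derive_card_key(ISSUER_KEY, CARD_A).hex())
    print(derive_card_key(ISSUER_KEY, CARD_A) != derive_card_key(ISSUER_KEY, CARD_B))
```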