Re: [atoca] Call for submissions: Secure Alert Format

Peter Saint-Andre <stpeter@stpeter.im> Fri, 17 August 2012 21:44 UTC

On 8/17/12 3:16 PM, Richard L. Barnes wrote:
> Hey Peter,
> 
> Thanks for this observation.
> 
> I think we were thinking of things in kind of the other direction:
> 1. Define a general signed alert format
> 2. Define a way to transport those over XMPP (XEP-0127-bis)
> 
> This approach provides a more general functionality than sending
> CAP in secure XMPP (e.g., with an RFC 3923 signature).  The
> relationship is essentially the same as that between POSH and, say,
> attribute certificates over HTTP.  In one case, the signature is
> being provided by the protocol used to deliver the alert; in the
> other, the signature is attached to the object itself.  In the
> interest of being delivery-agnostic, ISTM that the object-based
> approach is preferable.
> 
> It may also be pretty trivial to extend XEP-0127 to support the
> security we describe here.  For example, if we allow detached
> signatures (which seems like a good idea), you could keep the same
> syntax as XEP-0127 and just add an attribute/element to carry
> signature data. (As long as the serialization of the CAP can't
> change...)

Yes, that all makes sense. My apologies if I missed earlier discussion
on this topic.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
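
The caveat in the quoted message, that a detached signature works only as long as the serialization of the CAP can't change, shown as an added example (not part of the original thread and not code from either participant). HMAC-SHA256 stands in for the originator's public-key signature so that only the Python standard library is needed; the key, the CAP fragment and all function names are constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:emergency:cap:1.2"
# Constructed demo key; HMAC-SHA256 is a stand-in for a real signature.
KEY = b"constructed-demo-key"
# Constructed, minimal CAP-like fragment (not a complete, valid alert).
CAP = ("<alert xmlns='%s'><identifier>EXAMPLE-0001</identifier>"
       "<sender>alerts@example.org</sender><status>Exercise</status>"
       "<note></note></alert>" % NS).encode("utf-8")


def sign_detached(data: bytes) -> str:
    """Detached 'signature' computed over the exact bytes given."""
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def verify_detached(data: bytes, sig: str) -> bool:
    return hmac.compare_digest(sign_detached(data), sig)


def reserialize(data: bytes) -> bytes:
    """Simulate a relay that parses the alert and re-emits the XML."""
    return ET.tostring(ET.fromstring(data), default_namespace=NS)


def c14n(data: bytes) -> bytes:
    """Canonical XML form: quoting and empty-element style are fixed."""
    return ET.canonicalize(data.decode("utf-8")).encode("utf-8")


def demo() -> dict:
    relayed = reserialize(CAP)            # same infoset, different bytes
    raw_sig = sign_detached(CAP)          # signed over raw bytes
    canon_sig = sign_detached(c14n(CAP))  # signed over canonical bytes
    return {
        "bytes_changed": relayed != CAP,
        "raw_untouched": verify_detached(CAP, raw_sig),
        "raw_after_relay": verify_detached(relayed, raw_sig),
        "canon_after_relay": verify_detached(c14n(relayed), canon_sig),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The signature over the raw bytes fails once the relay re-emits the alert, while the one computed over the canonical form still verifies on the receiving side.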