IETF Logo Mail Archive

Re: [atoca] New Version Notification for draft-barnes-atoca-escape-01.txt

Richard Barnes <rbarnes@bbn.com> Wed, 12 September 2012 18:30 UTC

Return-Path: <rbarnes@bbn.com>
X-Original-To: atoca@ietfa.amsl.com
Delivered-To: atoca@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25C0121F853D for <atoca@ietfa.amsl.com>; Wed, 12 Sep 2012 11:30:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id varSV0Jy4CpY for <atoca@ietfa.amsl.com>; Wed, 12 Sep 2012 11:30:02 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 4DBB821F8557 for <atoca@ietf.org>; Wed, 12 Sep 2012 11:30:02 -0700 (PDT)
Received: from [128.89.255.13] (port=59870) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1TBrhD-000EOF-SU; Wed, 12 Sep 2012 14:29:55 -0400
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset="us-ascii"
From: Richard Barnes <rbarnes@bbn.com>
In-Reply-To: <6DDAB886-779C-4F0E-BE34-D80F34E5A456@incident.com>
Date: Wed, 12 Sep 2012 14:29:56 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <A65E2E4C-F949-433D-BAC5-13EE8AB47624@bbn.com>
References: <20120911033801.16598.18619.idtracker@ietfa.amsl.com> <886749D5-885D-471F-A0B7-32DE09C69C5E@bbn.com> <6DDAB886-779C-4F0E-BE34-D80F34E5A456@incident.com>
To: Art Botterell <acb@incident.com>
X-Mailer: Apple Mail (2.1278)
Cc: atoca@ietf.org
Subject: Re: [atoca] New Version Notification for draft-barnes-atoca-escape-01.txt
X-BeenThere: atoca@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion list for the IETF Authority-to-Citizen Alert \(atoca\) working group." <atoca.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/atoca>, <mailto:atoca-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/atoca>
List-Post: <mailto:atoca@ietf.org>
List-Help: <mailto:atoca-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/atoca>, <mailto:atoca-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Sep 2012 18:30:03 -0000

Hey Art,

I apologize for that line.  I had forgotten about the use of XML-DSig in CAP, probably because, as Martin notes, it's broadly viewed in the IETF as not very interoperable.

In general, it seems like we have a choice to make as to what security container we want to specify here:
-- XML-DSig
-- S/MIME / CMS
-- JOSE

We (the authors) chose to go with S/MIME because in our view it was simpler to implement than XML-DSig and more mature than JOSE.  As Martin noted, the simplicity compared to XML-DSig is largely due to the fact that S/MIME just signs the serialized octets, so that the signing layer doesn't need any knowledge of XML.  In the long run, I think JOSE is probably the way to go, because it's likely to be even easier to implement than S/MIME, but that's still developing.

Could you provide any data on how much actual implementation / usage of XML-DSig with CAP?  

Thanks,
--Richard



On Sep 11, 2012, at 1:20 AM, Art Botterell wrote:

> Hi Richard -
> 
> I'm confused by the claim that CAP "does not provide any security features that would support authentication of alert originators."  
> 
> Section 3.3.4.1 of the OASIS CAP 1.2 specification says "The <alert> element of a CAP Alert Message MAY have an Enveloped Signature, as described by XML-Signature and Syntax Processing," and makes reference to both <http://www.w3.org/TR/2002/REC-xmlDSig-core-20020212/ > and <http://www.ietf.org/rfc/rfc3275.txt>.  
> 
> Indeed, XMLSIG has been a feature of every CAP version since 1.0.  And if that's not enough, there's also the existing OASIS EDXL-DE wrapper specification.
> 
> So while I'm a huge supporter of an end-to-end approach to CAP authentication, on the face of it the ESCAPE draft seems duplicative and somewhat ill-informed.  Also I fear I'm missing the point of the added "alert token" mechanism, other than to add one more maintenance task that nobody is going to want to own.
> 
> But possibly you've just leapt ahead too far for me to follow in a single bound.  What am I missing here?
> 
> - Art
> 
> 
> On Sep 10, 2012, at 8:43 PM, Richard Barnes wrote:
> 
>> Dear ATOCA,
>> 
>> In order to respond to the chairs' call for candidate alert format documents, we have put together a revision of draft-barnes-atoca-escape.  As you may recall from earlier versions, ESCAPE uses S/MIME to wrap a CAP document, in order to add authentication for alert originators (digital signature and "alert token").  
>> 
>> The changes from -00 are largely to add more explanatory text, and clarify a few things technically. We haven't translated the whole thing to JOSE (yet).  Mostly, our hope is that in reading the new version, you'll be able to envision how these secure alerts can be used to build an overall alerting system.  For example, they highlight some of the things that a discover / metadata protocol might need to provide (e.g., public keys for authorities).
>> 
>> Comments very welcome.  There's even a list of open questions at the front!
>> 
>> Thanks a lot,
>> --Richard
>> 
>> 
>> 
>> On Sep 10, 2012, at 11:38 PM, internet-drafts@ietf.org wrote:
>> 
>>> 
>>> A new version of I-D, draft-barnes-atoca-escape-01.txt
>>> has been successfully submitted by Richard Barnes and posted to the
>>> IETF repository.
>>> 
>>> Filename:	 draft-barnes-atoca-escape
>>> Revision:	 01
>>> Title:		 Encoding of Secure Common Alert Protocol Entities (ESCAPE)
>>> Creation date:	 2012-09-11
>>> WG ID:		 Individual Submission
>>> Number of pages: 17
>>> URL:             http://www.ietf.org/internet-drafts/draft-barnes-atoca-escape-01.txt
>>> Status:          http://datatracker.ietf.org/doc/draft-barnes-atoca-escape
>>> Htmlized:        http://tools.ietf.org/html/draft-barnes-atoca-escape-01
>>> Diff:            http://www.ietf.org/rfcdiff?url2=draft-barnes-atoca-escape-01
>>> 
>>> Abstract:
>>> Recipients of emergency alerts need to be able to verify that an
>>> alert they receive was issued by an authorized source.  The Common
>>> Alerting Protocol (CAP) provides a standard way of encoding alert
>>> information, but does not provide any security features that would
>>> support authentication of alert originators.  This document describes
>>> a security wrapper for Common Alerting Protocol objects to allow
>>> alerts to be signed by alert originators.
>>> 
>>> Please send feedback to the atoca@ietf.org mailing list.
>>> 
>>> 
>>> 
>>> 
>>> The IETF Secretariat
>>> 
>> 
>> _______________________________________________
>> atoca mailing list
>> atoca@ietf.org
>> https://www.ietf.org/mailman/listinfo/atoca
> 
> _______________________________________________
> atoca mailing list
> atoca@ietf.org
> https://www.ietf.org/mailman/listinfo/atoca

v2.23.0 | Report a Bug | By Email