Re: [atoca] New Version Notification for draft-barnes-atoca-escape-01.txt

Andrew Chi <achi@bbn.com> Wed, 12 September 2012 15:41 UTC

Message-ID: <5050AD37.2020302@bbn.com>
Date: Wed, 12 Sep 2012 11:41:43 -0400
From: Andrew Chi <achi@bbn.com>
To: Brian Rosen <br@brianrosen.net>
References: <20120911033801.16598.18619.idtracker@ietfa.amsl.com> <886749D5-885D-471F-A0B7-32DE09C69C5E@bbn.com> <D474DF1E-470D-4B75-AB5B-17C3471A49A9@brianrosen.net>
In-Reply-To: <D474DF1E-470D-4B75-AB5B-17C3471A49A9@brianrosen.net>
Cc: atoca@ietf.org
Subject: Re: [atoca] New Version Notification for draft-barnes-atoca-escape-01.txt

On 9/11/2012 2:11 PM, Brian Rosen wrote:
> I am less enthused about the token mechanism... What this feels like is a one time password

Yep, I agree with Brian that the token system needs some work, both in 
terms of distribution as well as figuring out what to do with 
intermediaries (perhaps they don't participate in the token system?).

Distribution might be made a little simpler by using a system akin to 
Leslie Lamport's One-Time-Password (OTP) scheme (RFC2289) where each 
successive token is the hash-preimage of the previous token.  This would 
enable recipients to store only a single hash per originator (i.e. 
government agency).

-Andrew
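The hash-chain idea sketched above, as an added illustration that is not code from the draft or from the thread: the originator precomputes a chain and reveals it backwards, so each alert token is the preimage of the one before; the recipient keeps only the latest accepted value per originator and checks `H(token) == stored`. It assumes SHA-256 as the hash and, going beyond the message, adds an optional `max_skip` window so a recipient that missed an alert can still resynchronise; the agency names are constructed.

```python
import hashlib
import secrets


def h(data: bytes) -> bytes:
    """Chain hash; SHA-256 is an assumption, the message names no hash."""
    return hashlib.sha256(data).digest()


def make_chain(seed: bytes, n: int) -> list:
    """Return [seed, H(seed), ..., H^n(seed)]; the last element is the anchor."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class Originator:
    """Alert originator (e.g. an agency) revealing the chain from anchor to seed."""

    def __init__(self, n: int, seed: bytes = None):
        self._chain = make_chain(seed or secrets.token_bytes(32), n)
        self._next = n - 1  # index of the next token to reveal

    @property
    def anchor(self) -> bytes:
        return self._chain[-1]  # distributed once; the recipient stores only this

    def next_token(self) -> bytes:
        if self._next < 0:
            raise RuntimeError("chain exhausted; distribute a fresh anchor")
        tok = self._chain[self._next]
        self._next -= 1
        return tok


class Recipient:
    """Stores a single hash per originator, as the message proposes."""

    def __init__(self):
        self._last = {}

    def register(self, agency: str, anchor: bytes) -> None:
        self._last[agency] = anchor

    def verify(self, agency: str, token: bytes, max_skip: int = 0) -> bool:
        expected = self._last.get(agency)
        if expected is None:
            return False
        candidate = token
        for _ in range(max_skip + 1):  # walk forward at most max_skip+1 steps
            candidate = h(candidate)
            if candidate == expected:
                self._last[agency] = token  # replays and older tokens now fail
                return True
        return False
```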