Re: [cnit] [stir] draft-peterson-stir-threats-00.txt

Brian Rosen <br@brianrosen.net> Thu, 07 November 2013 17:36 UTC

Yes, but we might be able to thread certification of various aspects to a single identity that we can use to coalesce the information.

That identity COULD be the phone number (using proof of possession), but I suspect that isn’t quite enough.

Brian

On Nov 7, 2013, at 9:18 AM, Stephen Kent <kent@bbn.com> wrote:

> Henning,
> 
>> As a thought experiment, Kumiko Ono and I had published a draft
>>  
>> http://tools.ietf.org/html/draft-ono-dispatch-attribute-validation-00
>>  
>> to allow third parties to validate property information. If the validating party (e.g., a bank regulator) is willing to sign a certificate, similar in spirit to the framed gold-leaf diplomas in your dentist’s office or, more lowly, to the health department’s rating in a restaurant window, and it can be tied to a phone number, this shouldn’t be too hard.
>>  
>> It’s a bit harder if the certifying authority (regulator, Realtor board, local bar association, …) is not involved.
> The tricky part is ensuring that a certificate (using the term broadly) issued by some
> organization is not interpreted by relying parties as meaning more than it should.
> 
> It is not clear to me that most entities are good choices for the binding of a name
> to a phone number. In part this is because these entities do not consider the phone
> number to be a critical aspect of the attributes for which they vouch.
> 
> My dentist's diploma is valid irrespective of the location (much less the phone number)
> for his office. BTW, as the geographic boundaries for area codes change, phone numbers
> change. My home didn't move and it took a while for many of the records held by other
> parties to be updated. So, no, I would not rely on many parties of the sort you seem to suggest
> to issue a credential binding my name to a phone number.
> 
> Steve