Re: [cnit] CNIT Charter bashing..

Eric Burger <eburger@standardstrack.com> Thu, 28 May 2015 02:12 UTC

Content-Type: multipart/signed; boundary="Apple-Mail=_7CC75EC6-3A96-44C3-87C3-6AFEC4F26DD7"; protocol="application/pgp-signature"; micalg="pgp-sha256"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
X-Pgp-Agent: GPGMail 2.5b6
From: Eric Burger <eburger@standardstrack.com>
In-Reply-To: <D1890314.25B94%richard@shockey.us>
Date: Wed, 27 May 2015 22:11:58 -0400
Message-Id: <D52BE1C0-20EA-40A0-A0CC-28197574E0BB@standardstrack.com>
References: <D13EDE15.22E45%richard@shockey.us> <CAHBDyN7KX9dPTHiuWGk-yqqkDt+LYqnDwY_pBWpnLdJFCMvPeg@mail.gmail.com> <CAHBDyN5KZpiA4bU_gvcB+Wk0Bv9AS0+bvU9OsCS3OpMDbUGchA@mail.gmail.com> <D1890314.25B94%richard@shockey.us>
To: cnit@ietf.org
X-Mailer: Apple Mail (2.2098)
Archived-At: <http://mailarchive.ietf.org/arch/msg/cnit/spjVrVYa_o53r6g-KM3Prlm-5kA>
Subject: Re: [cnit] CNIT Charter bashing..

On May 25, 2015, at 5:31 PM, Richard Shockey <richard@shockey.us> wrote:
> 
> From: Mary Barnes <mary.ietf.barnes@gmail.com <mailto:mary.ietf.barnes@gmail.com>>
> Date: Friday, May 22, 2015 at 12:58 PM
> Attached is what I have at this point. Really, the only thing I'm struggling with is the milestones as I don't think we can request publication of the data object and headers without having defined the trust model.
> 
> 
> RS> Mary, I'm not sure about that statement. I can certainly anticipate several deployment models where the trust mechanism (aka signing) does not need to be formally integrated in the solution, especially those where the exchange of data is more bilateral and the trust mechanism is at lower layers of the stack than the signaling. My initial concern is what is the header and what is the data object(s) carried in the header. How the CNIT data is created should not be our concern.

I do not buy it. If there are private agreements between service providers, they have private agreements. They can do whatever they want.

Last I looked, this is the Internet Engineering Task Force. Assume untrusted transport across the wide open Internet, and trust no endpoint that cannot cryptographically prove who they are. If it happens two service providers exchange CNIT data over a single, yellow cable, then it is a benefit that no state-sponsored security service can listen in on the cable.

I do not want to take three years to build a protocol and two more years after that for products to be available just to have a system that only works in walled gardens. I do not want to be the person that has to explain to the media why Calling Name Delivery is just as broken as it always was and it will be another five years before the world sees a real solution.

Let us get this right the first time.
[snip]