Re: [Danish] Proposed WG Charter
Ash Wilson <ash.wilson@valimail.com> Mon, 14 June 2021 21:13 UTC
From: Ash Wilson <ash.wilson@valimail.com>
Date: Mon, 14 Jun 2021 14:13:10 -0700
To: Paul Wouters <paul@nohats.ca>, danish@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/danish/WNaRMlifeoad_Kw3ltQpQriQBOA>
Sorry, meant to reply to the list.

On Mon, Jun 14, 2021 at 2:05 PM Ash Wilson <ash.wilson@valimail.com> wrote:

> Hi Paul,
>
> Very often, mobile data used for IoT ends up going into a message broker
> or message queueing system, and the central application subscribes or
> otherwise consumes information from the messaging middleware. Without some
> sort of verifiable sender identity attached to the message itself, the
> identity of the sender and the integrity of the message is assumed based on
> the integrity of all middleware involved in passing messages. If we include
> the sender's DNS name in the message and protect it with a signature, then
> it may be verified by the central application, independent of the transport
> over which it arrives. Then, mobile data network authentication becomes
> more about protecting availability and performance than preventing
> impersonation in a message-oriented application. Use cases centering around
> mobile network identities are a little more nuanced, and the available
> mechanisms can vary based on the mobile operator's tech stack. That's
> probably a better conversation for 3GPP.
>
> Consider that if a messaging middleware platform is trusted by multiple
> sophisticated smart cities applications, and none of those applications
> implement message authentication, the messaging middleware platform itself
> becomes an attractive target for a well-resourced adversary. Simply signing
> the messages passing through the system removes the pressure on the broker
> to ensure integrity, and reduces the value of a compromised broker.
>
> On Sun, Jun 13, 2021 at 3:22 PM Paul Wouters <paul@nohats.ca> wrote:
>
>> On Jun 13, 2021, at 16:52, Viktor Dukhovni <ietf-dane@dukhovni.org>
>> wrote:
>> >
>> > On Sat, Jun 12, 2021 at 08:25:07AM -0700, Ash Wilson wrote:
>> >
>> >> This is the final text for the proposed charter. We are seeking
>> >> support for the formation of the working group, as well as support for
>> >> implementation, adoption, and documentation efforts.
>> >
>> > I see that others have commented positively on the charter, and yet
>> > somehow for me it seems rather muddled. It is not clear to me what
>> > the motivating use-cases really are, nor how DANISH would resolve
>> > the key difficulties in those use-cases.
>>
>> Same here. I did give feedback in the past already but especially the
>> “client verification with and without dnssec” seem to be two widely
>> different problems. And the one without dnssec (webpki) already exists?
>>
>> > Extending DANE to client auth is certainly an option for "devices" that
>> > one might reasonably want to register in DNS.
>>
>> I have given this some thought in the last few weeks and I haven’t been
>> able to find a use case where one actually wants client authentication
>> using some IoT device on mobile data network. All use cases I can think of
>> would not want to expose the client via public dnssec key registry or via
>> public CA certs. I’d love to hear an example practical use case for DANISH.
>>
>> Paul
>
> --
> *Ash Wilson* | Technical Director
> *e:* ash.wilson@valimail.com
--
*Ash Wilson* | Technical Director
*e:* ash.wilson@valimail.com
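
The point made in the message above, that a signature over the sender's DNS name and the payload lets the consuming application detect a change made inside the middleware, shown as an added example (not code from the thread or from any DANISH document). The `Envelope` format, the name `sensor1.devices.example.` and the in-memory key map, which stands in for a DNSSEC-validated DNS lookup, are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Envelope is a constructed message format, not one defined on the list.
type Envelope struct {
	Sender  string // sender's DNS name
	Payload []byte
	Sig     []byte // Ed25519 over Sender, a NUL byte, then Payload
}

// signedBytes binds the claimed name to the payload.
func signedBytes(sender string, payload []byte) []byte {
	return append(append([]byte(sender), 0), payload...)
}

// Seal runs on the device, before the message enters any middleware.
func Seal(sender string, priv ed25519.PrivateKey, payload []byte) Envelope {
	sig := ed25519.Sign(priv, signedBytes(sender, payload))
	return Envelope{Sender: sender, Payload: payload, Sig: sig}
}

// Open runs in the consumer; keys stands in for a DNSSEC-validated DNS lookup.
func Open(e Envelope, keys map[string]ed25519.PublicKey) ([]byte, error) {
	pub, ok := keys[e.Sender]
	if !ok {
		return nil, fmt.Errorf("no key published for %q", e.Sender)
	}
	if !ed25519.Verify(pub, signedBytes(e.Sender, e.Payload), e.Sig) {
		return nil, fmt.Errorf("signature does not verify for %q", e.Sender)
	}
	return e.Payload, nil
}

// demo delivers one intact message and one altered after signing.
func demo() (string, error, error) {
	const name = "sensor1.devices.example." // constructed name
	pub, priv, _ := ed25519.GenerateKey(nil)
	keys := map[string]ed25519.PublicKey{name: pub}
	env := Seal(name, priv, []byte(`{"temp":21}`))
	got, okErr := Open(env, keys)
	env.Payload = []byte(`{"temp":99}`) // changed inside the broker
	_, badErr := Open(env, keys)
	return string(got), okErr, badErr
}
func main() { fmt.Println(demo()) }
```

The consumer accepts the intact message and rejects the altered one without trusting the broker or the transport it arrived over.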