Re: Machine Identity
Jeroen Massar <jeroen@unfix.org> Thu, 28 February 2008 17:53 UTC
Dave Crocker wrote:
>
>
> Jeroen Massar wrote:
>> Stephane Bortzmeyer wrote:
>>> On Tue, Feb 26, 2008 at 10:37:06AM -0800,
>>> Dave Crocker <dhc@dcrocker.net> wrote a message of 31 lines which
>>> said:
>>>
>>>> Why isn't a Domain Name sufficient to the purpose you have in mind?
>>>
>>> I agree with the reasons given by Keith Moore (a machine does not
>>> control its domain name).
>>
>> More importantly: the service can't be anonymous then.
>
>
> 1. The stated use is for application of policies, such as access
> control. How can that be done in the face of anonymity?

Anonymity in that nothing is registered and can't directly be correlated to a certain person (of course you can track IP addresses and use that etc to look in other log files etc).

If you take for instance an SSH key. This SSH key 'proves' that the SSH service that has the private key, is the same one as the one you talked to last time. Still it is quite anonymous, as you don't have any hooks to domain names or other details where whois comes into play.

> 2. In other words, please specify the details of anonymity that you
> require.

Nothing is truly anonymous, ever. If somebody wants to find out who you are they will find out, if you like it or not.

> 3. Please look at:
>
> <http://dkim.org/specs/draft-ietf-dkim-overview-09.html>
>
> specifically sections 3.1.5,

That is what I meant with 1) DKIM indeed 'comes up' with a pub/priv keypair out of thin air, like SSH. When you talk to the host again you do know that you are talking to the same host and not a different one, but they are still anonymous.

Greets,
 Jeroen
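
The key-continuity idea in the message above (a key pair made "out of thin air" still lets you tell that you are talking to the same host), as an added example that is not part of the original post: a Python sketch that pins an OpenSSH-style SHA256 fingerprint on first contact and flags a later change. The key lines are constructed placeholders, `PinStore` and the `peer-1` label are hypothetical, and it assumes the protocol handshake has already proven possession of the private key.

```python
import base64
import hashlib
import struct

def make_pubkey_line(seed: bytes) -> str:
    """Build a constructed (not real) ssh-ed25519 public key line for the demo."""
    raw = hashlib.sha256(seed).digest()  # 32 placeholder key bytes
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", raw))
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

def fingerprint(pubkey_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a '<type> <base64 blob>' line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[:4])
    # The blob carries its own type string; reject a line whose label disagrees.
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type in blob does not match the text label")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

class PinStore:
    """Maps a label chosen locally by the client to the first fingerprint seen.

    Nothing here refers to a domain name or registry: the only identity
    is the key itself, which is the point made in the message.
    """
    def __init__(self):
        self.pins = {}

    def check(self, label: str, pubkey_line: str) -> str:
        fp = fingerprint(pubkey_line)
        pinned = self.pins.get(label)
        if pinned is None:
            self.pins[label] = fp  # trust on first use
            return "first-contact"
        return "same-key" if pinned == fp else "KEY-CHANGED"

def demo():
    store = PinStore()
    key_a = make_pubkey_line(b"constructed key A")
    key_b = make_pubkey_line(b"constructed key B")
    return [store.check("peer-1", key_a),   # nothing pinned yet
            store.check("peer-1", key_a),   # same service as last time
            store.check("peer-1", key_b)]   # different key: not the same service

if __name__ == "__main__":
    print(demo())
```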