Re: [Lake] Credentials, Trust, Authentication, and Authorization
Marco Tiloca <marco.tiloca@ri.se> Tue, 07 February 2023 18:43 UTC
To: Carsten Bormann <cabo@tzi.org>, lake@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/SxZl_NtwJPuv533Og5aJ5H47kaI>

Thanks, Carsten!

Yes, it is about "trusting credentials". Maybe the full expression "trusting authentication credentials" creates confusion.

I can see the relation with authorization. When you say "previous authentication identity", do you refer to an entity that vouches for an authentication credential to be acceptable for a peer that receives it as new during EDHOC?

If so, different trust models can reflect different previous authentication identities and what they are expected to do. This can include the trusted entity that pre-provides an EDHOC peer with the authentication credential to trust, or instead with at least a corresponding identifier.

Best,
/Marco

On 2023-02-07 18:56, Carsten Bormann wrote:
> In Marco’s presentation today, I was a bit confused by this discussion focusing on authentication, when it really is about “trusting credentials”, which is a matter of authorization (is a new authentication identity authorized to speak for a previous authentication identity?).
>
> Regards, Carsten
>

--
Marco Tiloca
Ph.D., Senior Researcher

Phone: +46 (0)70 60 46 501

RISE Research Institutes of Sweden AB
Box 1263
164 29 Kista (Sweden)

Division: Digital Systems
Department: Computer Science
Unit: Cybersecurity

https://www.ri.se