Re: [Lake] Credentials, Trust, Authentication, and Authorization

Marco Tiloca <marco.tiloca@ri.se> Tue, 07 February 2023 18:43 UTC

Message-ID: <364fe74c-34fb-4b1b-3f9d-3a83c969e8be@ri.se>
Date: Tue, 07 Feb 2023 19:43:24 +0100
To: Carsten Bormann <cabo@tzi.org>, lake@ietf.org
References: <31C4B3A0-A774-4672-A4AA-74CF57DC0536@tzi.org>
From: Marco Tiloca <marco.tiloca@ri.se>
In-Reply-To: <31C4B3A0-A774-4672-A4AA-74CF57DC0536@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/SxZl_NtwJPuv533Og5aJ5H47kaI>
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>

Thanks, Carsten!

Yes, it is about "trusting credentials". Maybe the full expression 
"trusting authentication credentials" creates confusion.

I can see the relation with authorization. When you say "previous 
authentication identity", do you refer to an entity that vouches for an 
authentication credential to be acceptable for a peer that receives it 
as new during EDHOC?

If so, different trust models can reflect different previous 
authentication identities and what they are expected to do. This can 
include the trusted entity that pre-provides an EDHOC peer with the 
authentication credential to trust, or instead with at least a 
corresponding identifier.

Best,
/Marco

On 2023-02-07 18:56, Carsten Bormann wrote:
> In Marco’s presentation today, I was a bit confused by this discussion focusing on authentication, when it really is about “trusting credentials”, which is a matter of authorization (is a new authentication identity authorized to speak for a previous authentication identity?).
>
> Grüße, Carsten
>

-- 
Marco Tiloca
Ph.D., Senior Researcher

Phone: +46 (0)70 60 46 501

RISE Research Institutes of Sweden AB
Box 1263
164 29 Kista (Sweden)

Division: Digital Systems
Department: Computer Science
Unit: Cybersecurity

https://www.ri.se
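As an added illustration (not part of Marco's or Carsten's messages, and not code from any EDHOC implementation), the following Python model shows the two pre-provisioning trust models Marco describes: a peer that was pre-provided with the full authentication credential to trust, and a peer that was pre-provided only with a corresponding identifier and meets the credential itself for the first time by value during EDHOC. The opaque byte-string credentials, the `kid`/`thumb` dictionary standing in for ID_CRED_X, and the use of a SHA-256 hash of the credential bytes as the "corresponding identifier" are assumptions made for this example; the RFC 9528 CBOR encodings are not reproduced.

```python
"""Toy model of how an EDHOC peer decides whether to trust an
authentication credential under two pre-provisioning trust models.

Hypothetical simplification: credentials are opaque byte strings and
identifiers are either a short "kid" or a SHA-256 thumbprint of the
credential bytes. The RFC 9528 encoding of ID_CRED_X / CRED_X is not modelled.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


class UntrustedCredential(Exception):
    """Raised when the peer must abort: the credential cannot be trusted."""


def thumbprint(cred: bytes) -> bytes:
    """Identifier derived from the credential itself (hash of its bytes)."""
    return hashlib.sha256(cred).digest()


@dataclass
class TrustStore:
    # Model 1: the trusted entity pre-provided the full credential, indexed by
    # a short key identifier; the peer then only needs ID_CRED_X by reference.
    creds_by_kid: Dict[bytes, bytes] = field(default_factory=dict)
    # Model 2: the trusted entity pre-provided only an identifier (thumbprint);
    # the credential itself is new to the peer and arrives by value in EDHOC.
    trusted_thumbprints: Set[bytes] = field(default_factory=set)


def resolve_credential(store: TrustStore, id_cred: dict,
                       cred_by_value: Optional[bytes] = None) -> bytes:
    """Return the CRED_X the peer may use to authenticate the other side.

    id_cred models ID_CRED_X: {"kid": b"..."} (reference to a stored
    credential) or {"thumb": <32 bytes>} (identifier of a credential that is
    transported by value in cred_by_value). Raises UntrustedCredential otherwise.
    """
    if "kid" in id_cred:
        cred = store.creds_by_kid.get(id_cred["kid"])
        if cred is None:
            raise UntrustedCredential("kid not pre-provisioned")
        # Rule of this model: if a credential also arrives by value under a
        # known kid, it must be byte-identical to the provisioned one. A
        # different credential under an old kid is a substitution, not an update.
        if cred_by_value is not None and cred_by_value != cred:
            raise UntrustedCredential("credential by value differs from provisioned one")
        return cred

    if "thumb" in id_cred:
        if cred_by_value is None:
            raise UntrustedCredential("thumbprint given but no credential to check")
        # Never trust the claimed identifier: recompute it from the received
        # bytes, then ask whether *that* identifier was pre-provisioned.
        computed = thumbprint(cred_by_value)
        if computed != id_cred["thumb"]:
            raise UntrustedCredential("claimed thumbprint does not match credential")
        if computed not in store.trusted_thumbprints:
            raise UntrustedCredential("new credential not vouched for by any provisioned identifier")
        return cred_by_value

    raise UntrustedCredential("unsupported ID_CRED_X form")


# Constructed sample data for the demo (not from any real deployment).
CRED_A = b"cred:peer-A:pubkey=0x01"
CRED_B = b"cred:peer-B:pubkey=0x02"
CRED_EVIL = b"cred:peer-B:pubkey=0xff"


def demo() -> dict:
    """Exercise both trust models and two rejection cases."""
    store = TrustStore(
        creds_by_kid={b"\x0a": CRED_A},
        trusted_thumbprints={thumbprint(CRED_B)},
    )
    results = {}
    # Model 1: by reference to a pre-provisioned credential.
    results["kid_ok"] = resolve_credential(store, {"kid": b"\x0a"}) == CRED_A
    # Model 2: new credential by value, accepted because its identifier was provisioned.
    results["value_ok"] = resolve_credential(
        store, {"thumb": thumbprint(CRED_B)}, CRED_B) == CRED_B
    # A new credential whose identifier was never provisioned is rejected.
    try:
        resolve_credential(store, {"thumb": thumbprint(CRED_EVIL)}, CRED_EVIL)
        results["new_rejected"] = False
    except UntrustedCredential:
        results["new_rejected"] = True
    # A different credential presented under an already trusted kid is rejected.
    try:
        resolve_credential(store, {"kid": b"\x0a"}, CRED_EVIL)
        results["subst_rejected"] = False
    except UntrustedCredential:
        results["subst_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The point worth keeping from the model is the second branch: the identifier carried in ID_CRED_X is attacker-controlled data, so a peer that was provisioned only with identifiers must recompute the identifier from the received credential bytes and look that up, rather than looking up the claimed value and then accepting whatever credential accompanied it.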