IETF Logo Mail Archive

Re: [Marnew] endpoint consent

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 24 September 2015 11:41 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: marnew@ietfa.amsl.com
Delivered-To: marnew@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F7EB1A903F for <marnew@ietfa.amsl.com>; Thu, 24 Sep 2015 04:41:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id omy9h8uY3Okr for <marnew@ietfa.amsl.com>; Thu, 24 Sep 2015 04:41:45 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61D341A903A for <marnew@iab.org>; Thu, 24 Sep 2015 04:41:45 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 2E338BE3E; Thu, 24 Sep 2015 12:41:44 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ah4OtvHakXas; Thu, 24 Sep 2015 12:41:43 +0100 (IST)
Received: from [10.1.185.4] (50-207-235-101-static.hfc.comcastbusiness.net [50.207.235.101]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id D61B2BE2F; Thu, 24 Sep 2015 12:41:41 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1443094903; bh=caG4bShczsivS94xQVmXtFCJMByzSJLBub0rxR+TEKU=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=Jc0y9AEM2q8F+NcsOmIorRfJHcQocbAoLBCMl8Vm2HkT9/AGjOkM2pNQ7YNUHfK7s iPx5xyYFr7shqqz2Ujt+gXUYMUAhKiglqE6JVjEdZzuhFEI9/YQbf+SAawwnJoFYpm oTKAam8ZA5/D9G5vtFfC+6DFEjErrXS6cORgJ8jc=
To: Aaron Falk <aaron.falk@gmail.com>, Salvatore Loreto <salvatore.loreto@ericsson.com>
References: <1991284A-864D-45C0-A016-A64C8FA5F029@gmail.com> <09EC7D4E-0245-4019-9D20-F95CF2362845@piuha.net> <2B9B48179856DC4FA00C93C79EB7E64A0E991DDD@ESESSMB109.ericsson.se> <CAD62q9X0o3hUp_48OQCohkxh-+g-0YN+HJNCtZJX2huwa96ujw@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <5603E174.8040009@cs.tcd.ie>
Date: Thu, 24 Sep 2015 12:41:40 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <CAD62q9X0o3hUp_48OQCohkxh-+g-0YN+HJNCtZJX2huwa96ujw@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/marnew/_19pipjVwi7NrhoJk0_oR_5i2Es>
Cc: Jari Arkko <jari.arkko@piuha.net>, "marnew@iab.org" <marnew@iab.org>
Subject: Re: [Marnew] endpoint consent
X-BeenThere: marnew@iab.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Managing Radio Networks in an Encrypted World <marnew.iab.org>
List-Unsubscribe: <https://www.iab.org/mailman/options/marnew>, <mailto:marnew-request@iab.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/marnew/>
List-Post: <mailto:marnew@iab.org>
List-Help: <mailto:marnew-request@iab.org?subject=help>
List-Subscribe: <https://www.iab.org/mailman/listinfo/marnew>, <mailto:marnew-request@iab.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Sep 2015 11:41:46 -0000

Hi Aaron,

On 24/09/15 12:30, Aaron Falk wrote:
>  Meaning, only one endpoint
> needs to be aware of the third actor but he needs to know what he is giving
> up in security through that trust. 

I don't think that is correct tbh, or maybe I'm confused about what
you mean.

In the scenario where a user accesses their bank account from work in
the presence of a TLS MITM operated for the employer, I think both
endpoints have valid reasons to need to know about the MITM.

Cheers,
S.

v2.8.7 | Report a Bug | By Email