Re: draft-turner-caclearanceconstraints-01.txt

"Timothy J. Miller" <tmiller@mitre.org> Mon, 13 October 2008 14:39 UTC

Message-ID: <48F35523.7000409@mitre.org>
Date: Mon, 13 Oct 2008 09:03:15 -0500
From: "Timothy J. Miller" <tmiller@mitre.org>
To: Carl Wallace <CWallace@cygnacom.com>
CC: ietf-pkix@imc.org
Subject: Re: draft-turner-caclearanceconstraints-01.txt
References: <p0624051bc5098b483ca0@[128.89.89.71]> <9F11911AED01D24BAA1C2355723C3D3218DDA55C66@EA-EXMSG-C332.europe.corp.microsoft.com> <FAD1CF17F2A45B43ADE04E140BA83D487A42B0@scygexch1.cygnacom.com>
In-Reply-To: <FAD1CF17F2A45B43ADE04E140BA83D487A42B0@scygexch1.cygnacom.com>
List-Archive: <http://www.imc.org/ietf-pkix/mail-archive/>

Carl Wallace wrote:
> I vote yes to adopting this as a PKIX work item.  Specification details 
> can be resolved after the draft is accepted as a working group draft.

Can we even say for certain that clearance is a consistent enough 
concept within and across jurisdictions to enable a single logic for 
constraint processing?  I'd argue not.

E.g., RFC3281 talks about "the" basic clearance hierarchy, which doesn't 
even exist.  What's the relationship between NATO CONFIDENTIAL and US 
UNCLASSIFIED CONTROLLED INFORMATION?  How about US UCI and US FOR 
OFFICIAL USE ONLY?  US SECRET/NOFOREIGN?  US TS/SCI and TS/SAP?  And 
that's without even getting into the obscure corners of the US alone.

What I'm trying to say is that classification is *not* a strict 
hierarchy.  It's semi-structured.  We have trouble enough figuring this 
stuff out in the real world without having to write code for it.  :)

Presuming I have a vote, I vote no.

-- Tim
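The point Tim raises above, that clearance labels form a semi-structured partial order rather than a single rank, is the kind of thing that is easiest to see in code. The following is an added example, not part of Tim's message, the draft, or RFC 3281; the label names and the dominance edges in `DOMINATES` are constructed for illustration only and do not describe any real national or NATO classification policy. It contrasts a naive integer-rank comparison, which silently forces a total order, with a dominance check over a directed graph, which can report two labels as incomparable and lets a constraint check fail closed in that case.

```python
"""Clearance dominance as a partial order rather than an integer rank.

Constructed example: the labels and edges below are illustrative only and
do NOT describe any real national or NATO classification policy.
"""
from typing import Dict, FrozenSet, Optional, Set

# Constructed dominance edges: each key directly dominates every label in
# its value set. Two labels with no directed path between them in either
# direction are incomparable. "CONTROLLED" is a hypothetical label that sits
# beside "CONFIDENTIAL" rather than above or below it.
DOMINATES: Dict[str, Set[str]] = {
    "TOP SECRET": {"SECRET"},
    "SECRET": {"CONFIDENTIAL", "CONTROLLED"},
    "CONFIDENTIAL": {"UNCLASSIFIED"},
    "CONTROLLED": {"UNCLASSIFIED"},
    "UNCLASSIFIED": set(),
}


def _reachable(label: str) -> FrozenSet[str]:
    """All labels dominated by `label`, including itself (transitive closure)."""
    seen: Set[str] = set()
    stack = [label]
    while stack:
        cur = stack.pop()
        if cur in seen:
            continue
        seen.add(cur)
        stack.extend(DOMINATES.get(cur, set()))
    return frozenset(seen)


def compare(a: str, b: str) -> Optional[int]:
    """1 if a dominates b, -1 if b dominates a, 0 if equal, None if incomparable."""
    if a == b:
        return 0
    if b in _reachable(a):
        return 1
    if a in _reachable(b):
        return -1
    return None


# The naive alternative: one integer per label. Giving two unrelated labels
# the same rank (or any ranks at all) manufactures an ordering the policy
# never defined, so the comparison always "succeeds" and never fails closed.
NAIVE_RANK: Dict[str, int] = {
    "TOP SECRET": 4, "SECRET": 3, "CONFIDENTIAL": 2, "CONTROLLED": 2, "UNCLASSIFIED": 1,
}


def naive_permits(holder: str, required: str) -> bool:
    """Total-order check: answers True for incomparable labels of equal rank."""
    return NAIVE_RANK[holder] >= NAIVE_RANK[required]


def permits(holder: str, required: str) -> Optional[bool]:
    """Partial-order check: True/False when comparable, None when undecidable."""
    c = compare(holder, required)
    if c is None:
        return None
    return c >= 0


def within_constraint(claimed: str, permitted: Set[str]) -> bool:
    """Hypothetical issuer constraint check: a subject's claimed clearance is
    acceptable only if some label in the issuer's permitted set equals or
    dominates it. Incomparable labels are rejected (fail closed)."""
    return any(compare(p, claimed) in (0, 1) for p in permitted)


if __name__ == "__main__":
    print("naive CONFIDENTIAL >= CONTROLLED:", naive_permits("CONFIDENTIAL", "CONTROLLED"))
    print("partial-order CONFIDENTIAL vs CONTROLLED:", permits("CONFIDENTIAL", "CONTROLLED"))
    print("CONTROLLED within {CONFIDENTIAL}:", within_constraint("CONTROLLED", {"CONFIDENTIAL"}))
    print("CONTROLLED within {SECRET}:", within_constraint("CONTROLLED", {"SECRET"}))
```

The difference shows up exactly where Tim's objection lies: `naive_permits("CONFIDENTIAL", "CONTROLLED")` returns True because the integer ranks happen to tie, while `permits` returns None and `within_constraint` rejects the pair, because the constructed policy never said how those two labels relate. Any single constraint-processing logic would have to decide, per policy, what to do with that None.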