Re: [Rats] draft-birkholz-rats-uccs

Thomas Fossati <tho.ietf@gmail.com> Sun, 14 March 2021 00:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/1BhtpajQUPf5rKLBjllUb5UruNc>

On Sat, Mar 13, 2021 at 9:05 PM Laurence Lundblade
<lgl@island-resort.com> wrote:
> > On Mar 13, 2021, at 12:32 PM, Thomas Fossati <tho.ietf@gmail.com> wrote:
> > I see this in a slightly different way: we take a data format that has
> > a "secure by default" label on it and we strip off the very thing that
> > makes it secure.  Since we are changing its commonly understood
> > semantics, it's probably wise that we simultaneously state why and
> > when this is acceptable, along with the assumed threat model.
>
> Agree that something must be said for this reason.

cool

> Just don’t think it should go into the full set of security considerations or describing a designed solution because both vary by use case and problem domain. It is not possible to anticipate all the use cases and problem domains.
>
> We don’t have any standard that says how you should securely transfer particular data formats like HTTP, XML or JSON. There is no “Secure transfer of HTML” standard. Instead we have security protocols like TLS, COSE, JOSE and such which can be used to secure data in general.
>
> As I mentioned before, I think it would be good to split the document in two, something I hadn’t thought of before.

IMHO it seems more natural to have that (minimalist) something you
mention above narrated alongside the description of the UCCS mechanics
rather than splitting the two.

> But, I’m still OK with it as is. This is just a fun discussion :-)

True, I also learned something new about sailors and horse latitudes!

cheers,
-- 
Thomas