Re: [Rats] Call for charter consensus

Carsten Bormann <cabo@tzi.org> Thu, 24 January 2019 16:54 UTC

From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <20190119012335.GT81907@kduck.mit.edu>
Date: Thu, 24 Jan 2019 17:53:58 +0100
Cc: Carl Wallace <carl@redhoundsoftware.com>, "Nancy Cam-Winget (ncamwing)" <ncamwing@cisco.com>, "rats@ietf.org" <rats@ietf.org>
Message-Id: <64B825DE-50A6-4A87-BC8F-7ECC147E7316@tzi.org>
References: <D86754B8.D099E%carl@redhoundsoftware.com> <C79C7D38-3544-4CDB-94C5-2F49FF0D7BE2@cisco.com> <AD9A3A3C-42FD-48A0-8B5B-A1F6644573DB@redhoundsoftware.com> <20190119012335.GT81907@kduck.mit.edu>
To: Benjamin Kaduk <kaduk@MIT.EDU>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/ZdyZkibrC4VkQXtef9PHgpKcApA>
Subject: Re: [Rats] Call for charter consensus
List-Id: Remote Attestation Procedures <rats.ietf.org>

On Jan 19, 2019, at 02:23, Benjamin Kaduk <kaduk@MIT.EDU> wrote:
> 
> On the one hand,
> there's the raw crypto bits of "this is what signature validation/MIC
> verification/etc. you have to do in order to get the cryptographic
> validation that key X generated data Y [at time Z]",

I would call that “verification” (related to “authentication”).

> but once you've done
> that, the decision of verifying that Y and Z are something you find
> trustworthy to perform action W is not really something we can standardize.

I would call that “policy realization” (related to “authorization”).

> My understanding is that we plan to talk about the crypto but not, at least
> at first, what you do after confirming that the crypto has not been
> tampered with.

That is also my understanding: we enable verification, but we don’t do the policy.

Regards, Carsten