Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode

"Gould, James" <jgould@verisign.com> Wed, 02 January 2019 21:55 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6416812F1AB for <regext@ietfa.amsl.com>; Wed, 2 Jan 2019 13:55:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FToFVnn_63k0 for <regext@ietfa.amsl.com>; Wed, 2 Jan 2019 13:55:53 -0800 (PST)
Received: from mail5.verisign.com (mail5.verisign.com [69.58.187.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01892126C01 for <regext@ietf.org>; Wed, 2 Jan 2019 13:55:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=3022; q=dns/txt; s=VRSN; t=1546466153; h=from:to:cc:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version:subject; bh=qfw5Udq10lpvcYUQ4NXVtY45eq5cFE/NgtyCcwkS5No=; b=bKqD9DYcW0c/fbs6xtbdPfgD2OzrU5F7yPDx4/TcKUbG77Q+B9e90eWf QiNpMxb1xCDFyQ702UzDlDXiVvSWImXuj4rDrihLi4FFfLvXhnbEflZ8o KH0qJ2hmLWGutHEMv1o7rnI309/EV91Q0tIXHepB6cvcGmcsgejY8Fndq 5NhIrblf8GEpcrTiOmdezSNuHjWgkInR/WSSdOBqh0mDdXworscyseLGz qrrJD8K7eRtZ70NegcWhbDOWKGp68Hzj9aTfG0BsR7SHeu22KtG8kIutc N8cd16q8eHbjTqlhxo6H3Q2qLd9KY6Q7fTwIz24MCpYt4PBBjFbRFmcKM A==;
X-IronPort-AV: E=Sophos;i="5.56,432,1539662400"; d="scan'208";a="6579288"
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1531.3; Wed, 2 Jan 2019 16:55:48 -0500
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%5]) with mapi id 15.01.1531.003; Wed, 2 Jan 2019 16:55:48 -0500
From: "Gould, James" <jgould@verisign.com>
To: "johnl@taugh.com" <johnl@taugh.com>, "adam@nostrum.com" <adam@nostrum.com>
CC: "regext@ietf.org" <regext@ietf.org>
Thread-Topic: [EXTERNAL] Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode
Thread-Index: AQHUoto9CDUlrjbr+E6Cv+FyyziDxqWcyTGA//+88QA=
Date: Wed, 02 Jan 2019 21:55:48 +0000
Message-ID: <0AAC649A-2171-441C-A653-EA10878F079C@verisign.com>
References: <41f72627-faf2-1fd4-b356-065b3cb98e2b@cis-india.org> <20181228194511.1ACBC200C07CD3@ary.qy> <01E9282A-0F48-4A39-837A-52CBB362571F@verisign.com> <alpine.OSX.2.21.1901021246440.84554@ary.qy> <b5e53ff4-b975-9380-d689-b3bb922cf253@nostrum.com> <alpine.OSX.2.21.1901021548390.85512@ary.qy>
In-Reply-To: <alpine.OSX.2.21.1901021548390.85512@ary.qy>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.3.181015
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="utf-8"
Content-ID: <C82059FD878B214996A6FA97370985D8@verisign.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/CbDUudJe8cVztA_UmkKonSd7xwQ>
Subject: Re: [regext] Privacy and HR considerations for draft-ietf-regext-verificationcode
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jan 2019 21:55:56 -0000

John,

To remove any concerns related to the inclusion of VSP policy in draft-ietf-regext-verificationcode, the sentence "The VSP MUST store the proof of verification and the generated verification code; and MAY store the verified data." can be removed.  If there are no objections to the removal of this sentence, it will be removed in the next version of the draft.
  
—
 
JG



James Gould
Distinguished Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com <http://verisigninc.com/> 

On 1/2/19, 3:56 PM, "regext on behalf of John R Levine" <regext-bounces@ietf.org on behalf of johnl@taugh.com> wrote:

    On Wed, 2 Jan 2019, Adam Roach wrote:
    >>  I don't understand why.  The code is a signed token.  Imagine the registry
    >>  goes back to the signer asks about token 123-foo666 and the answer is
    >>  "We're the Ministry, we signed it, of course it's valid.  The details are
    >>  secret."
    >>
    >>  While that would not be my favorite way to work, and I can easily imagine
    >>  other scenarios with auditing and transparency business requirements, why
    >>  wouldn't that interoperate?
    >
    > If we're concerned merely with interoperation, the same is true of most -- 
    > if not all -- normative keywords used in "Security Considerations" sections. 
    > Your position might (or might not) be correct, but the logic of "2119 
    > language is only used for interoperability reasons" simply isn't true.
    
    I think there's a difference -- in security sections the goal is usually 
    to prevent leakage or spoofing or something else that would allow a 
    malicious party to interoperate with a victim.  One part of good interop 
    is not to interoperate with attackers.  But that's not what's going on 
    here.  The signature shows that the token is valid, and unless I'm missing 
    something, whatever you might learn from the thing the token represents is 
    outside the scope of EPP.
    
    Regards,
    John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
    Please consider the environment before reading this e-mail. https://jl.ly