Re: [saag] Discovery: can it be solved

David Schinazi <dschinazi.ietf@gmail.com> Wed, 17 November 2021 19:20 UTC

From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Wed, 17 Nov 2021 11:20:31 -0800
Message-ID: <CAPDSy+6etGy6an2SjBkbYJXwm+rXGfrwJHyDyrhfbrTry+Kddw@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Cc: saag@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/I94yyO0YkA0-nvGJaRvCEjXQqm0>

On Wed, Nov 17, 2021 at 2:13 AM Ted Hardie <ted.ietf@gmail.com> wrote:

> Your model is presuming a pretty powerful vendor, who can establish trust
> with multiple proxies and who is maintaining contracts with them to achieve
> its goals.  Less powerful (or wealthy) software providers will likely rely
> on shared infrastructure for this, and there are models in which an
> organization rather than a vendor provides them (a university might stand
> up an OHAI-like proxy, for example, to protect the data of its students).
>

I'd like to understand this example better. Who is the university
protecting the student from? How does the client device discover the OHAI
server?

Thanks,
David