IETF Logo Mail Archive

Re: [Sat] Views

Venkatraman Ramakrishna <vramakr2@in.ibm.com> Tue, 04 April 2023 13:26 UTC

Return-Path: <vramakr2@in.ibm.com>
X-Original-To: sat@ietfa.amsl.com
Delivered-To: sat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FBF3C151B35 for <sat@ietfa.amsl.com>; Tue, 4 Apr 2023 06:26:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.894
X-Spam-Level:
X-Spam-Status: No, score=-6.894 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, TRACKER_ID=0.1, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ibm.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nTUnpBNwaTsT for <sat@ietfa.amsl.com>; Tue, 4 Apr 2023 06:26:31 -0700 (PDT)
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3B23C15C28E for <sat@ietf.org>; Tue, 4 Apr 2023 06:26:31 -0700 (PDT)
Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 334DQPa1023692; Tue, 4 Apr 2023 13:26:31 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : date : message-id : references : in-reply-to : content-type : mime-version : subject; s=pp1; bh=r1lLUMiHLxYRgCii5yHyeD+CmhHd77C8pM6vZM85xkw=; b=VnaUvnLo9cE4DQbFUATMRaeXGltnAO+7wbRI1es6kVZNRS0UYfQL8mYpc8ZIsC2VnRRE G7LgDqSlbXTSOYz1iD25A/yfdm5D19CIRJ54JG+kSU9W4LpHPe+YqHULaUzjVYPJnbjh 2SK5YwYBAd6GOrJw9UAuAGNvFpwnIkAgE65MgDLnUQh6LCLGOEvmXD4ipX7yXxyQFDsu jtJb9/uO96DqxBEJwOWLWW65AOE86OoBpEaNhAvKd68Oka4h5ugBtoGCxlAyER2VmQ2h K83OtpKJ+Oerh3U+lmdZROUPNoHS6As658JO7CfEk++k5TnIqnOAq73G3oBT+bJP5bTl nA==
Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3prmsd002c-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 04 Apr 2023 13:26:30 +0000
Received: from m0098396.ppops.net (m0098396.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 334DQUlA024062; Tue, 4 Apr 2023 13:26:30 GMT
Received: from nam02-dm3-obe.outbound.protection.outlook.com (mail-dm3nam02lp2048.outbound.protection.outlook.com [104.47.56.48]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3prmsd0021-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 04 Apr 2023 13:26:30 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SAssExNIUOdiDhEdTA625HdJ2TNtIWPVs5ubpmkrBHUgvuJHra0vZSmL3G1PpEzN9epF5LOISDw6VPRjei51gh/JnR3T5qfz35m3OOgbfaM36YHoU2oRAWrjO8nQhPnrOdBQEaJHBcwhzB9aiymSDKIafuPbvVu6U05R25O7b2Ycjy6pB4ZCj3CyuMcXsOowR1Iiyy361yKKzqbHL+ABNrHQOA5Fs5XST5cOU0qIW6IXwXA1Afcuq2/SAxEZ64GGEw/zOmKMGIFM0LzxQGd1J/NKY2Omw1oEmKkKGCKscRIHYTIvl5hWuO+uXD03Td5h9J0heT3M9wFZI+CrU9UwbA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DD8onzvv2Tn4BuSWctKPHfwybuF05r0eiZUc8QoIrUg=; b=lKVA22/ijGE8HBdrglOc8HsWMVBYM3lVhSX+Qii2Neag7RIvfZXKSvZnTwpqyVlrAnbckN23RaELZDRd80I1nnpQ9lsXIuGAZ+xeS5l2KE5Uo2xBTjAwlG0MAeA/yybN3jTZTTBpO3bxkitY9567ZcIihx2kkH9KENM0Ur84j8qbh6mU+/5WckMfRCOAFek1eR0zCziubPY4jiq76HEc4O2YebE3t6OoBuWZxXi6n2/jT3S0WSPrenc7FNpJIM8ne2fyqGVANBe02qfufewrKxhkxIJBMS3/JZLkpFgZoJpLbg/Jxv15j8d/MbiI8I00820972rzwBm97SYs0CJWfQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=in.ibm.com; dmarc=pass action=none header.from=in.ibm.com; dkim=pass header.d=in.ibm.com; arc=none
Received: from BYAPR15MB2277.namprd15.prod.outlook.com (2603:10b6:a02:92::30) by DS0PR15MB5748.namprd15.prod.outlook.com (2603:10b6:8:14c::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6254.30; Tue, 4 Apr 2023 13:26:28 +0000
Received: from BYAPR15MB2277.namprd15.prod.outlook.com ([fe80::4e24:17a0:3cef:948f]) by BYAPR15MB2277.namprd15.prod.outlook.com ([fe80::4e24:17a0:3cef:948f%4]) with mapi id 15.20.6254.035; Tue, 4 Apr 2023 13:26:28 +0000
From: Venkatraman Ramakrishna <vramakr2@in.ibm.com>
To: Tecnico Lisboa <rafael.belchior@tecnico.ulisboa.pt>
CC: "ladler2@bellatlantic.net" <ladler2@bellatlantic.net>, "sat@ietf.org" <sat@ietf.org>
Thread-Topic: [EXTERNAL] Re: [Sat] Views
Thread-Index: AQHZXd4VYIvezZFs80u+KalTI0mbw68bM8mA
Date: Tue, 04 Apr 2023 13:26:28 +0000
Message-ID: <BYAPR15MB2277534DA4D1A78BF5B30DAEB8939@BYAPR15MB2277.namprd15.prod.outlook.com>
References: <BYAPR15MB2277017397C6DC05471BE525B8819@BYAPR15MB2277.namprd15.prod.outlook.com> <EBF1E09B-CE48-451E-B91B-98FAEC23DB18@tecnico.ulisboa.pt>
In-Reply-To: <EBF1E09B-CE48-451E-B91B-98FAEC23DB18@tecnico.ulisboa.pt>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: BYAPR15MB2277:EE_|DS0PR15MB5748:EE_
x-ms-office365-filtering-correlation-id: 957f958e-ca70-4ee9-2856-08db3510323b
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Jzgaus1WRReuElXZz1U/q7DYLJiDpxhdfn7N9tfmRnU3Uje9P9YR5P4kV8mCbzNkaf5x7y6sGidD82WIJ+KNzt5XL0KJD8g1qBewi2o1A8ZpDdoRcQ5/rDdlMmYqMAwTeDqnnQph8Qtb1jGOmDsFu2Bl5IDySeouKx6LX2hSg5HBpOptC0FySxbXJZLWbI+yKUnbM5KQ9vTjHoHb4oOWl7W4fYmnNGCFJID0MwmZ39JpggAjlMmSWMm/iQONN+cxW5OsQVYpr2Z5+hWJgsM1YeY2n81NQs6DoTLV8VN7PT1uYA8KL/Xi3CpSKFxaYcRKM0xOxJZMvGvfuG2Er6QWRB+kRMp8NqYCkfUfxS0M2lUOVraG0Cyd2746q3Neel6HfbETUeb1vRRI76Zdgu9eWTns7iEA2geOu8H23G1OFjlk3Fr8M7x6YDudZLfZAa+n1mlZjC3ioJDW/wrU71oybJ4WqtNopKzguvEjw26iIT8KMW5yiHnJH/U2OCgLZrp1KccBEvCizXSU9NWEB1vZMbdtrOTg6+qowRRmHPHOK9fo160ULT2dNqQBX9tTSbB0n3fHSGOlL2W2uzEEoWal12a/EvsSg1ncRuq0ZnhJHvmWa1/e0RcxMW5NOXiccLbBwd3X+KW7FWBxOYP5ixsVXA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BYAPR15MB2277.namprd15.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(366004)(346002)(396003)(376002)(39860400002)(136003)(451199021)(55016003)(4326008)(478600001)(122000001)(66476007)(64756008)(66556008)(6916009)(66946007)(76116006)(66446008)(54906003)(52536014)(8936002)(5660300002)(8676002)(316002)(38100700002)(41300700001)(186003)(53546011)(83380400001)(45080400002)(966005)(71200400001)(26005)(6506007)(9686003)(86362001)(33656002)(166002)(2906002)(38070700005)(7696005); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: kxP3Jd/QnkSMM/sADNxaId+ayRF+uFw6Pc/Rph3fXyvMDaII45MEz/QIRjV8vNJqwetUGw2FJweiQeCXzn2gfy0h/TJa3s28gcREu/+btjHQUeFUIleHg8dU88xDaK/g0FXxPSnnOrQaGkuTlwzc4oJwdN760cM1oJ9w8AHrt0LmyiLFrWSqbQ1YD6QXgAE/Q4p504wm+5pzR271yPOcM+Zv8V2WxrjHn2vpHwEOl15plJVf+FlnrrXZsoUEkjABoL3jQZ/ME1V/5F4diNJCuIRmI3RSQFnVp7Oh6zCKNliqn0iuPusTmGrF/UdbAdapp2Cno5fGPsgNj1zCWqgziE2QI/v3c2WoUDtx9ZQHvOZn4YF/iqsKwWCYO3GDz2RSuE8ky/lbcOVMyaum9CEzsHjYnQ+i8/KvAFkUcoQYFgk3NEwUUdcDltzGAXvPtoWgd/g1km5AjAe/Ljcq+PyF58nqNG62gVz0CKSBT1OKWHh4NaecHwXRhL+0U7McDWpZAIEtdr92NYM3Day69rPQJnrK60rrV59mkGQJSPf2W4yIQSbHikH6wbe4WaoZCg7FVtY2D+f+YrURkeGG0w+BhnkihgO8taVgH/DwSeIT0Mr8TozPGZbG3GMjVkwyeS8VmtHzKZHz15a1ltSdk4c1swWIcF61EvNTk2bu+KrTxuS/ZkOziN/r2H+oVHNlFI2/64EpI49lxlW8nAHvNGlT71p7OFVGsw1e7BKX6e10fAFS1/dlqBN931oTcpPorvCVkfHdiL9BgKwJalSOLEHjIDbeBnaD0/MB32xiPf8XH7xI2f/s1b7SZbSyb12J/jeTs7yVUSYONQsJf+MmHWS6PSJO5sUVKmjXCNdCv4iNDZKWAgCNHh1I6X/IAGnE4m6joZcztFoOpokyOJP44VgQdrHIcGPZMeh/fyRzaORoJGGHUMqlY7p61QY/03eIBbMtzGaDonRdcV5wTqCWIdn2hZd3jy+84WbNlLpyeIGh5W7VXJhTTbhm31dr5XIOVCYZJlFgV/IW2Y3xBnZxTAS9zWG3xxzU/nvYpNjktTCZ/M+d9M4Js4fH/bgxZlvpVEi8uadfDfMj5V3ZRy1polsGpQhBI+IENs1nXEdivITFb2H+NRiJRKX7rENa3j9kRNzuPoe+Kj4zS3IH6n6Xc1Sludg+VtjnXS1CEGD32HG0zLtqdOaUsQlBYYEZGIhTS/839Yuauv18d6BRpi6iRsGFS+Vi2Pe1ZOx+L510n9rhgxjtAVpbAhX0OXzLddbAmr3gNm3bBJ2AZZYRCjqd1Xtm02AeySM5izIJCkcE8QNsKtIvGLkifpAqogi69lnE6hbHm8ZJs80iQHitCyAQKrAlLeaj75cSjMdPL9zUD3ODQRXdh1Dz8/aU2KxWespjqsEK6jHaA23J0l9dMTMnWX+EnkSHIzIAoBz4OWKQwfcdjF9Pax9fpLLGd9LLdzRWfWGy2fig/OVObVBE037yS3wwpCBudKQsfpjgRIdKR5HcpHIVhOnZELr/P5sem3Znhv2HgDf+D6YoPInis72lcCNh/eNDeQ+HY4WFesG2TmnCVoo=
Content-Type: multipart/alternative; boundary="_000_BYAPR15MB2277534DA4D1A78BF5B30DAEB8939BYAPR15MB2277namp_"
X-OriginatorOrg: in.ibm.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR15MB2277.namprd15.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 957f958e-ca70-4ee9-2856-08db3510323b
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Apr 2023 13:26:28.1472 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: fcf67057-50c9-4ad4-98f3-ffca64add9e9
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: UF6g11y9iASg75polpmIkGglQ6PdV3fnoZvuRKJ3ZCcYTu9GDV1rIZi11ZRbPRUFbWWix4C2hahKgzfxhmc9hg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR15MB5748
X-Proofpoint-ORIG-GUID: WkBJSryeFtPDtc_YREI6Icjk8lftK4hF
X-Proofpoint-GUID: snFaxKmT5zmVknhbga2v76_XDQGkhRrV
X-Proofpoint-UnRewURL: 6 URL's were un-rewritten
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 definitions=2023-04-04_05,2023-04-04_03,2023-02-09_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 bulkscore=0 adultscore=0 malwarescore=0 mlxscore=0 suspectscore=0 mlxlogscore=999 phishscore=0 lowpriorityscore=0 clxscore=1015 spamscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000 definitions=main-2304040121
Archived-At: <https://mailarchive.ietf.org/arch/msg/sat/-w0m0UNsR-QezIVKEh4RggwP5io>
Subject: Re: [Sat] Views
X-BeenThere: sat@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "The purpose of this mailing-list is to discuss the secure asset transfer \(SAT\) protocol and related aspects." <sat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sat>, <mailto:sat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sat/>
List-Post: <mailto:sat@ietf.org>
List-Help: <mailto:sat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sat>, <mailto:sat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Apr 2023 13:26:33 -0000

Rafael,

Sorry for replying so late to your questions.

>>>Basically you are proposing an additional procedure where the network of G2 enforces the security regarding proof generation by G2, correct?

The network of G2 is enforcing the security by validating the proof through its consensus mechanism. The proof itself is not being generated by G2 though; it’s being generated by G1 requesting its network (like how G1 currently gets lock/burn assertions from its network in SATP). G2 simply communicates the proof to an app or directly submits it to its network for validation.

>>>Are these additional functionalities and changes to the security model desired to be part of the core protocol or particular instantiations of the gateway (eg plugins)?

No, in fact the opposite. The data sharing mechanism we are drafting, and which is implemented in Weaver and Cacti, is even more paranoid than SATP w.r.t. trust in gateways; it does not trust gateways for integrity nor for confidentiality purposes. This is prevent gateways from either (1) tampering with data/assertions and proof, or (2) exfiltrating them to other external parties that the source network, which may be a permissioned network, does not wish to share authentic data and proofs with.

Rama


From: Tecnico Lisboa <rafael.belchior@tecnico.ulisboa.pt>
Sent: Friday, March 24, 2023 4:50 AM
To: Venkatraman Ramakrishna <vramakr2@in.ibm.com>
Cc: ladler2@bellatlantic.net; sat@ietf.org
Subject: [EXTERNAL] Re: [Sat] Views

Hello Rama, Basically you are proposing an additional procedure where the network of G2 enforces the security regarding proof generation by G2, correct? Are these additional functionalities and changes to the security model desired to be part
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
ZjQcmQRYFpfptBannerEnd
Hello Rama,
Basically you are proposing an additional procedure where the network of G2 enforces the security regarding proof generation by G2, correct?

Are these additional functionalities and changes to the security model desired to be part of the core protocol or particular instantiations of the gateway (eg plugins)?

Rafael


On 21 Mar 2023, at 11:26, Venkatraman Ramakrishna <vramakr2@in.ibm.com<mailto:vramakr2@in.ibm.com>> wrote:

David,

Sorry for the inordinate delay in responding to you on this topic. (At least it was not pressing, as the “view” drafts are presently not within the SATP scope.)

Yes, supporting Views (and View Addresses) is meant to be an additional function for the gateways. I don’t recall how well this is sketched out in the drafts I linked to, but there is more work required at G2 in a view request-response protocol. G1 simply communicates messages back and forth within minimal processing (assuming the address of G2 is embedded within the View Address) whereas G2 must submit a request and collect a response from its backing network just like G2 collects evidence for a minting in SATP. I’ll try to work this out later once the SATP is more or less crystallized, but I think supporting views and addresses will require relatively minor augmentations to the features that the gateways must anyway implement for SATP.

There is a basic security problem that arises in view request and processing, but the solution for this is built into the end-to-end protocol (https://datatracker.ietf.org/doc/draft-ramakrishna-sat-data-sharing/<https://datatracker.ietf.org/doc/draft-ramakrishna-sat-data-sharing/>) in the following ways:

  1.  The gateway (G2 specifically) is not trusted either for integrity or confidentiality purposes: it simply returns a proof generated by N/W2, and it does not have the authority (or capability) to unilaterally generate a proof that G1 or N/W1 will accept. In this respect, the trust model is different from what the SATP currently assumes.
  2.  The network being requested for a view (N/W2) will run an access control check before sending a response. If N/W2 is a blockchain/DLT, for example, this will be a consensus-driven decision executed through a smart contract. The right “proof” can’t be generated unless this access control check is passed by a quorum of honest peers.
I can’t think of other security issues. Do you see anything that is not covered here?

Regarding the utility of this procedure: this protocol was created (and implemented) to solve a particular need for the sharing of ledger (or smart contract) state from one permissioned DLT network to another, and we just extracted a common pattern and found a mechanism to handle it. The use cases draft (https://datatracker.ietf.org/doc/draft-ramakrishna-sat-use-cases/<https://datatracker.ietf.org/doc/draft-ramakrishna-sat-use-cases/>) has examples (see Section 3).

Rama

From: sat <sat-bounces@ietf.org<mailto:sat-bounces@ietf.org>> On Behalf Of ladler2@bellatlantic.net<mailto:ladler2@bellatlantic.net>
Sent: 13 January 2023 00:54
To: sat@ietf.org<mailto:sat@ietf.org>
Subject: [EXTERNAL] [Sat] Views

Hi Rama: I am referring to your two documents linked in your Oct. 17, 2022 email. In the SATP process the only use I can see for a View is to examine the Digital Asset before it is actually transferred. However, it has been stated in the WG
ZjQcmQRYFpfptBannerStart
This Message Is From an Untrusted Sender
You have not previously corresponded with this sender.
ZjQcmQRYFpfptBannerEnd
Hi Rama:
  I am referring to your two documents linked in your Oct. 17, 2022 email.
In the SATP process the only use I can see for a View is to examine the Digital Asset
before it is actually transferred.  However, it has been stated in the WG meetings that
the details of the Digital Asset and the transfer must be specified in an agreement that
precedes the transfer.  So supporting Views is an additional function for the gateways.

Adding  the processing of Views to the gateways may be useful to support application
communications between Blockchain networks.  But the additional security problems View
processing entails is not justified unless View processing is required for SATP.
We also have a great of work to make SATP a useful protocol in the real world.

David Millman

--
sat mailing list
sat@ietf.org<mailto:sat@ietf.org>
https://www.ietf.org/mailman/listinfo/sat<https://www.ietf.org/mailman/listinfo/sat>

v2.23.0 | Report a Bug | By Email