IETF Logo Mail Archive

Re: [Sat] Views

Tecnico Lisboa <rafael.belchior@tecnico.ulisboa.pt> Thu, 23 March 2023 23:20 UTC

Return-Path: <rafael.belchior@tecnico.ulisboa.pt>
X-Original-To: sat@ietfa.amsl.com
Delivered-To: sat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3887C1522AD for <sat@ietfa.amsl.com>; Thu, 23 Mar 2023 16:20:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.192
X-Spam-Level:
X-Spam-Status: No, score=-4.192 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, TRACKER_ID=0.1, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=tecnico.ulisboa.pt
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sy5-iw28nPKI for <sat@ietfa.amsl.com>; Thu, 23 Mar 2023 16:20:38 -0700 (PDT)
Received: from smtp1.tecnico.ulisboa.pt (smtp1.tecnico.ulisboa.pt [193.136.128.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3151C14CE39 for <sat@ietf.org>; Thu, 23 Mar 2023 16:20:36 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp1.tecnico.ulisboa.pt (Postfix) with ESMTP id 0D35D6005C27; Thu, 23 Mar 2023 23:20:33 +0000 (WET)
X-Virus-Scanned: by amavisd-new-2.11.0 (20160426) (Debian) at tecnico.ulisboa.pt
Received: from smtp1.tecnico.ulisboa.pt ([127.0.0.1]) by localhost (smtp1.tecnico.ulisboa.pt [127.0.0.1]) (amavisd-new, port 10025) with LMTP id R3ME95NUr59A; Thu, 23 Mar 2023 23:20:28 +0000 (WET)
Received: from mail1.tecnico.ulisboa.pt (mail1.ist.utl.pt [193.136.128.10]) by smtp1.tecnico.ulisboa.pt (Postfix) with ESMTPS id 438BF6005403; Thu, 23 Mar 2023 23:20:28 +0000 (WET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tecnico.ulisboa.pt; s=mail; t=1679613628; bh=CpoDWnHRKKeqFuZblN9FU6gdJGsKPq+/eXNLNBIiwAQ=; h=From:Subject:Date:References:Cc:In-Reply-To:To; b=haU6rpimKkqu/UZwFoSq07T391fDgSTe7xag3xTTF74d0Hss+1sHEBhleqlmPD0Tu 2miiqmqW5pG3GGHFZ6Ad4i6UdmlspY5lbuWimPJWmFOEWMMVsHlQRmHbAh+NsJPn5D PcPpooh9SPRWx6XqbhL2dFjcN5BcspmgkqIQ82vg=
Received: from smtpclient.apple (unknown [83.223.224.77]) (Authenticated sender: ist180970) by mail1.tecnico.ulisboa.pt (Postfix) with ESMTPSA id 6F3D5360078; Thu, 23 Mar 2023 23:20:27 +0000 (WET)
Content-Type: multipart/alternative; boundary="Apple-Mail-38EA4862-7E61-4AA1-A8E7-86508DC8873C"
Content-Transfer-Encoding: 7bit
From: Tecnico Lisboa <rafael.belchior@tecnico.ulisboa.pt>
Mime-Version: 1.0 (1.0)
Date: Thu, 23 Mar 2023 23:20:16 +0000
Message-Id: <EBF1E09B-CE48-451E-B91B-98FAEC23DB18@tecnico.ulisboa.pt>
References: <BYAPR15MB2277017397C6DC05471BE525B8819@BYAPR15MB2277.namprd15.prod.outlook.com>
Cc: ladler2@bellatlantic.net, sat@ietf.org
In-Reply-To: <BYAPR15MB2277017397C6DC05471BE525B8819@BYAPR15MB2277.namprd15.prod.outlook.com>
To: Venkatraman Ramakrishna <vramakr2@in.ibm.com>
X-Mailer: iPhone Mail (20C65)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sat/cdGFMlFNiQL1Hi4BD8iTGDUR4UM>
Subject: Re: [Sat] Views
X-BeenThere: sat@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "The purpose of this mailing-list is to discuss the secure asset transfer \(SAT\) protocol and related aspects." <sat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sat>, <mailto:sat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sat/>
List-Post: <mailto:sat@ietf.org>
List-Help: <mailto:sat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sat>, <mailto:sat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Mar 2023 23:20:42 -0000

Hello Rama,
Basically you are proposing an additional procedure where the network of G2 enforces the security regarding proof generation by G2, correct?

Are these additional functionalities and changes to the security model desired to be part of the core protocol or particular instantiations of the gateway (eg plugins)?

Rafael 

> On 21 Mar 2023, at 11:26, Venkatraman Ramakrishna <vramakr2@in.ibm.com> wrote:
> 
> 
> David,
>  
> Sorry for the inordinate delay in responding to you on this topic. (At least it was not pressing, as the “view” drafts are presently not within the SATP scope.)
>  
> Yes, supporting Views (and View Addresses) is meant to be an additional function for the gateways. I don’t recall how well this is sketched out in the drafts I linked to, but there is more work required at G2 in a view request-response protocol. G1 simply communicates messages back and forth within minimal processing (assuming the address of G2 is embedded within the View Address) whereas G2 must submit a request and collect a response from its backing network just like G2 collects evidence for a minting in SATP. I’ll try to work this out later once the SATP is more or less crystallized, but I think supporting views and addresses will require relatively minor augmentations to the features that the gateways must anyway implement for SATP.
>  
> There is a basic security problem that arises in view request and processing, but the solution for this is built into the end-to-end protocol (https://datatracker.ietf.org/doc/draft-ramakrishna-sat-data-sharing/) in the following ways:
> The gateway (G2 specifically) is not trusted either for integrity or confidentiality purposes: it simply returns a proof generated by N/W2, and it does not have the authority (or capability) to unilaterally generate a proof that G1 or N/W1 will accept. In this respect, the trust model is different from what the SATP currently assumes.
> The network being requested for a view (N/W2) will run an access control check before sending a response. If N/W2 is a blockchain/DLT, for example, this will be a consensus-driven decision executed through a smart contract. The right “proof” can’t be generated unless this access control check is passed by a quorum of honest peers.
> I can’t think of other security issues. Do you see anything that is not covered here?
>  
> Regarding the utility of this procedure: this protocol was created (and implemented) to solve a particular need for the sharing of ledger (or smart contract) state from one permissioned DLT network to another, and we just extracted a common pattern and found a mechanism to handle it. The use cases draft (https://datatracker.ietf.org/doc/draft-ramakrishna-sat-use-cases/) has examples (see Section 3).
>  
> Rama
>  
> From: sat <sat-bounces@ietf.org> On Behalf Of ladler2@bellatlantic.net
> Sent: 13 January 2023 00:54
> To: sat@ietf.org
> Subject: [EXTERNAL] [Sat] Views
>  
> Hi Rama: I am referring to your two documents linked in your Oct. 17, 2022 email. In the SATP process the only use I can see for a View is to examine the Digital Asset before it is actually transferred. However, it has been stated in the WG
> ZjQcmQRYFpfptBannerStart
> This Message Is From an Untrusted Sender
> You have not previously corresponded with this sender.
> ZjQcmQRYFpfptBannerEnd
> Hi Rama:
> 
>   I am referring to your two documents linked in your Oct. 17, 2022 email.
> 
> In the SATP process the only use I can see for a View is to examine the Digital Asset
> 
> before it is actually transferred.  However, it has been stated in the WG meetings that
> 
> the details of the Digital Asset and the transfer must be specified in an agreement that
> 
> precedes the transfer.  So supporting Views is an additional function for the gateways.
> 
>  
> 
> Adding  the processing of Views to the gateways may be useful to support application
> 
> communications between Blockchain networks.  But the additional security problems View
> 
> processing entails is not justified unless View processing is required for SATP.
> 
> We also have a great of work to make SATP a useful protocol in the real world.
> 
>  
> 
> David Millman
> 
>  
> -- 
> sat mailing list
> sat@ietf.org
> https://www.ietf.org/mailman/listinfo/sat

v2.23.0 | Report a Bug | By Email