Re: [Sat] Views

Venkatraman Ramakrishna <vramakr2@in.ibm.com> Tue, 21 March 2023 11:25 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/sat/nbDKlQ6g9mcX9meqVfvVubW3MRU>

David,

Sorry for the inordinate delay in responding to you on this topic. (At least it was not pressing, as the "view" drafts are presently not within the SATP scope.)

Yes, supporting Views (and View Addresses) is meant to be an additional function for the gateways. I don't recall how well this is sketched out in the drafts I linked to, but there is more work required at G2 in a view request-response protocol. G1 simply communicates messages back and forth with minimal processing (assuming the address of G2 is embedded within the View Address) whereas G2 must submit a request and collect a response from its backing network just like G2 collects evidence for a minting in SATP. I'll try to work this out later once the SATP is more or less crystallized, but I think supporting views and addresses will require relatively minor augmentations to the features that the gateways must anyway implement for SATP.

There is a basic security problem that arises in view request and processing, but the solution for this is built into the end-to-end protocol (https://datatracker.ietf.org/doc/draft-ramakrishna-sat-data-sharing/) in the following ways:

  *   The gateway (G2 specifically) is not trusted either for integrity or confidentiality purposes: it simply returns a proof generated by N/W2, and it does not have the authority (or capability) to unilaterally generate a proof that G1 or N/W1 will accept. In this respect, the trust model is different from what the SATP currently assumes.
  *   The network being requested for a view (N/W2) will run an access control check before sending a response. If N/W2 is a blockchain/DLT, for example, this will be a consensus-driven decision executed through a smart contract. The right "proof" can't be generated unless this access control check is passed by a quorum of honest peers.

I can't think of other security issues. Do you see anything that is not covered here?

Regarding the utility of this procedure: this protocol was created (and implemented) to solve a particular need for the sharing of ledger (or smart contract) state from one permissioned DLT network to another, and we just extracted a common pattern and found a mechanism to handle it. The use cases draft (https://datatracker.ietf.org/doc/draft-ramakrishna-sat-use-cases/) has examples (see Section 3).

Rama

From: sat <sat-bounces@ietf.org> On Behalf Of ladler2@bellatlantic.net
Sent: 13 January 2023 00:54
To: sat@ietf.org
Subject: [EXTERNAL] [Sat] Views

Hi Rama:
  I am referring to your two documents linked in your Oct. 17, 2022 email.
In the SATP process the only use I can see for a View is to examine the Digital Asset
before it is actually transferred.  However, it has been stated in the WG meetings that
the details of the Digital Asset and the transfer must be specified in an agreement that
precedes the transfer.  So supporting Views is an additional function for the gateways.

Adding the processing of Views to the gateways may be useful to support application
communications between Blockchain networks.  But the additional security problems View
processing entails are not justified unless View processing is required for SATP.
We also have a great deal of work to make SATP a useful protocol in the real world.

David Millman
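
The trust model in the two bullet points of the reply above, as an added Go example that is not part of the thread or taken from the linked drafts: N/W2 peers sign a view only after an access control check, and the N/W1 side accepts it only with a quorum of distinct, known peer signatures, so the relaying gateway cannot produce or alter a proof. The `Attestation` layout, the `Endorse` and `VerifyView` names, Ed25519, the 2-of-3 quorum and the sample data are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Attestation is one N/W2 peer's signature over the view data (layout is an assumption).
type Attestation struct {
	PeerID string
	Sig    []byte
}

// Endorse models an honest N/W2 peer: it signs only if the requester passes access control.
func Endorse(id string, key ed25519.PrivateKey, acl map[string]bool, requester string, view []byte) (Attestation, bool) {
	if !acl[requester] {
		return Attestation{}, false
	}
	return Attestation{PeerID: id, Sig: ed25519.Sign(key, view)}, true
}

// VerifyView runs on the N/W1 side. It counts distinct known peers with a valid
// signature; the relaying gateway holds no peer key and is never consulted.
func VerifyView(peers map[string]ed25519.PublicKey, quorum int, view []byte, proof []Attestation) bool {
	seen := map[string]bool{}
	for _, a := range proof {
		pub, known := peers[a.PeerID]
		if known && !seen[a.PeerID] && ed25519.Verify(pub, view, a.Sig) {
			seen[a.PeerID] = true
		}
	}
	return len(seen) >= quorum
}

func main() {
	peers, acl := map[string]ed25519.PublicKey{}, map[string]bool{"nw1-app": true} // constructed
	view := []byte(`{"doc":"BL-001","status":"issued"}`)                           // constructed
	var proof []Attestation
	for _, id := range []string{"peer0", "peer1", "peer2"} {
		pub, key, _ := ed25519.GenerateKey(nil)
		peers[id] = pub
		if a, ok := Endorse(id, key, acl, "nw1-app", view); ok {
			proof = append(proof, a)
		}
	}
	fmt.Println(VerifyView(peers, 2, view, proof))                             // honest relay
	fmt.Println(VerifyView(peers, 2, []byte(`{"status":"void"}`), proof))      // gateway altered the view
	fmt.Println(VerifyView(peers, 2, view, []Attestation{proof[0], proof[0]})) // one peer repeated
}
```

The verifier needs only the N/W2 peer public keys and the quorum size, which it must obtain out of band rather than from the gateway.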