Re: [SCITT] Constraints on unprotected data in receipt...

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 12 May 2023 10:38 UTC

Message-ID: <70a90ae7-7460-262b-ec47-9b59fae757c5@gmx.net>
Date: Fri, 12 May 2023 12:38:16 +0200
To: Ray Lutz <raylutz@citizensoversight.org>, "scitt@ietf.org" <scitt@ietf.org>
References: <5b797713-0618-1eb2-1b74-ecee65af423b@citizensoversight.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
In-Reply-To: <5b797713-0618-1eb2-1b74-ecee65af423b@citizensoversight.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/2LJmwC01W5ZDXuVckfXejukZNMM>
Subject: Re: [SCITT] Constraints on unprotected data in receipt...
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>

Hi Ray,


Before I share my view, I have a few questions:

> The question is: Should the public key appear in the unprotected
> portion of the receipt, or can it be an id of the public key.


Which public key are we talking about? The receipt is signed by the
transparency service. Are you talking about the public key of the
transparency service? It could also be the public key of the issuer? Or
both?


What do you mean by "id of the public key"? Are you trying to say that
there could also be a reference to the public key (in comparison to
sending the public key directly)?


Why would the public key be included in the receipt? Convenience for the
recipient? Does it need to be the public key? Could it be the hash of the
public key? Could it be a certificate or even a certificate chain?


Ciao

Hannes
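The questions above turn on one property of a COSE-style receipt: whatever rides in the unprotected header (a public key, a key id, a hash of the key, or a certificate chain) is outside the transparency service's signature, so a verifier can use it only as a lookup hint and must resolve it against keys it already trusts. The following Go program is an added illustration of that verifier discipline; it is not code from this thread or from the SCITT working group. It assumes a deliberately simplified receipt layout (length-prefixed protected header and payload, no CBOR or real COSE encoding), Ed25519 signatures, and a key id defined as the SHA-256 thumbprint of the raw public key; the receipt fields, the sample payload strings and the `{"alg":"EdDSA"}` protected header are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Receipt is a simplified stand-in for a COSE_Sign1 receipt (constructed for
// this example, not SCITT's wire format): the signature covers the protected
// header and the payload only; the unprotected header rides along unsigned.
type Receipt struct {
	Protected   []byte            // canonical protected-header bytes (signed)
	Unprotected map[string]string // unsigned hints such as "kid"
	Payload     []byte            // signed
	Signature   []byte
}

// KeyID is the identifier the transparency service advertises for its key:
// the hex SHA-256 thumbprint of the raw Ed25519 public key (an assumption).
func KeyID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// sigStructure plays the role of COSE's Sig_structure: the two signed fields,
// each length-prefixed so bytes cannot shift from one into the other.
func sigStructure(protected, payload []byte) []byte {
	var out []byte
	for _, f := range [][]byte{protected, payload} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(append(out, n[:]...), f...)
	}
	return out
}

// Sign produces a receipt; the kid goes in the unprotected header as a hint.
func Sign(priv ed25519.PrivateKey, protected, payload []byte) *Receipt {
	pub := priv.Public().(ed25519.PublicKey)
	return &Receipt{
		Protected:   protected,
		Unprotected: map[string]string{"kid": KeyID(pub)},
		Payload:     payload,
		Signature:   ed25519.Sign(priv, sigStructure(protected, payload)),
	}
}

// TrustStore maps key IDs to transparency-service keys the verifier trusts.
type TrustStore map[string]ed25519.PublicKey

// Verify resolves the kid hint against the trust store and never uses key
// material carried in the receipt: a missing or unknown kid is a rejection.
func (ts TrustStore) Verify(r *Receipt) error {
	pub, ok := ts[r.Unprotected["kid"]]
	if !ok {
		return errors.New("kid missing or not a trusted transparency service")
	}
	if !ed25519.Verify(pub, sigStructure(r.Protected, r.Payload), r.Signature) {
		return errors.New("signature does not verify under the trusted key")
	}
	return nil
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // a failing system RNG is unrecoverable here
	}
	return pub, priv
}

// Run builds a trust store with one service key and exercises Verify; every
// entry in the returned map is expected to be true.
func Run() map[string]bool {
	tsPub, tsPriv := newKey()
	_, otherPriv := newKey() // a key the verifier has never been told about
	store := TrustStore{KeyID(tsPub): tsPub}
	protected := []byte(`{"alg":"EdDSA"}`)                // constructed
	payload := []byte("inclusion proof for statement 42") // constructed
	good := Sign(tsPriv, protected, payload)
	res := map[string]bool{}
	res["trusted key verifies"] = store.Verify(good) == nil
	res["unknown kid rejected"] = store.Verify(Sign(otherPriv, protected, payload)) != nil
	good.Unprotected["note"] = "added after signing"
	res["unprotected header not covered"] = store.Verify(good) == nil
	good.Payload = []byte("inclusion proof for statement 43")
	res["payload tamper detected"] = store.Verify(good) != nil
	return res
}

func main() {
	fmt.Printf("%+v\n", Run())
}
```

The third check is the one that answers the "why include it at all" question: the unprotected header can be edited after signing without invalidating the receipt, so a key placed there is at best a convenience pointer. Embedding a hash of the key or a certificate chain changes what the hint looks like, not where trust comes from; in every variant the verifier still needs an out-of-band trust store (or a trust anchor for the chain) to decide whether the key is one of a legitimate transparency service.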