[SCITT] Re: Issuer signature creation and TS verification

Steve Lasker <StevenLasker@hotmail.com> Thu, 04 July 2024 18:16 UTC

From: Steve Lasker <StevenLasker@hotmail.com>
To: "dick@businesscyberguardian.com" <dick@businesscyberguardian.com>, "'A.J. Stein'" <ajstein.standards@gmail.com>
Date: Thu, 04 Jul 2024 18:16:40 +0000
Message-ID: <SJ0PR17MB4334568D898D7A8BA8C0FCBFD2DE2@SJ0PR17MB4334.namprd17.prod.outlook.com>
References: <CAMvBLPKW4CJPUV2T-efj4jgtYaK2qzcqX__8UuNC5mLsmQRk-Q@mail.gmail.com> <182E2CEC-4775-4F8A-848B-C20C5D731664@datatrails.ai> <SJ0PR17MB4334D48696B8E7399CBCB606D2DD2@SJ0PR17MB4334.namprd17.prod.outlook.com> <CAMvBLPKbA9NzCO-dvs1XNhuzNJak9oD7BavJzpycduOygPnNeA@mail.gmail.com> <341101dacd4d$710e0110$532a0330$@businesscyberguardian.com>
In-Reply-To: <341101dacd4d$710e0110$532a0330$@businesscyberguardian.com>
CC: 'Robin Bryce' <robin.bryce=40datatrails.ai@dmarc.ietf.org>, 'scitt' <scitt@ietf.org>
Subject: [SCITT] Re: Issuer signature creation and TS verification
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/DWljF6HWeof-anN-eQuq8BdMyog>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scitt>

A.J.
> Going back to my question about normative text, does that mean for an alternative system with kid to be specified, one needs to document an alternative system later on with verification procedures to be conformant? It would seem that is implied by your analysis. That may be something we want to make more clear in this section then if so. I am curious if others on the list feel similarly.

What I think is being teased out is whether the use of x.509 should be defined in the architecture document, or it’s a referenced example. If someone is using x.509, or pgp, the specifics should be defined in profile documents. This way, as new identity types are used with SCITT, we don’t need to rev the architecture document. Each spec would define how the COSE headers would be implemented. This would enable pgp experts to define how they believe it should be represented, or other/new identity types to define their behavior.

I’d be supportive of changing the x.509 to an example within the architecture, as opposed to “the” rule for using x.509 within the architecture.

From: Dick Brooks <dick@businesscyberguardian.com>
Sent: Wednesday, July 3, 2024 6:32 AM
To: 'A.J. Stein' <ajstein.standards@gmail.com>; 'Steve Lasker' <StevenLasker@hotmail.com>
Cc: 'Robin Bryce' <robin.bryce=40datatrails.ai@dmarc.ietf.org>; 'scitt' <scitt@ietf.org>
Subject: RE: [SCITT] Re: Issuer signature creation and TS verification

Steve,

What identifier would be used for a PGP signature?

Thanks,

Dick Brooks
Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council – A Public-Private Partnership

Never trust software, always verify and report! <https://reliableenergyanalytics.com/products>
https://businesscyberguardian.com/
Email: dick@businesscyberguardian.com
Tel: +1 978-696-1788


From: A.J. Stein <ajstein.standards@gmail.com>
Sent: Wednesday, July 3, 2024 12:19 AM
To: Steve Lasker <StevenLasker@hotmail.com>
Cc: Robin Bryce <robin.bryce=40datatrails.ai@dmarc.ietf.org>; scitt <scitt@ietf.org>
Subject: [SCITT] Re: Issuer signature creation and TS verification


On Tue, Jul 2, 2024 at 11:03 PM Steve Lasker <StevenLasker@hotmail.com> wrote:
What this is saying, in summary is:

  * You must have an issuer identifier, but no specific type is required
  * If you use x.509, you must use x5t
This is essentially a profile, without specifying a profile, or an example would be a simple step.

Thanks, Steve. Going back to my question about normative text, does that mean for an alternative system with kid to be specified, one needs to document an alternative system later on with verification procedures to be conformant? It would seem that is implied by your analysis. That may be something we want to make more clear in this section then if so. I am curious if others on the list feel similarly.
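The two-path verification the thread is circling (an issuer identifier is mandatory; if it is x.509 it travels as x5t; a kid-based alternative needs its own resolution rule) as an added, runnable example. This is editorial example code, not code from the thread, from the SCITT architecture draft, or from any participant's implementation. It assumes a Transparency Service that supports exactly two identity profiles (x.509 via x5t, and a bare-key registry via kid), accepts ES256 only, uses a hand-rolled CBOR subset in place of a CBOR library, and has the Python `cryptography` package installed; the two issuers, the self-signed certificate and the statement payload are constructed fixtures. The x5t thumbprint is SHA-256 over the DER certificate, as RFC 9360 defines it.

```python
import hashlib
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature, encode_dss_signature
from cryptography.x509.oid import NameOID

ALG, KID, X5T = 1, 4, 34  # COSE protected-header labels (RFC 9052; x5t from RFC 9360)
ES256, SHA256 = -7, -16   # COSE algorithm ids: ECDSA w/ SHA-256, and SHA-256 for the x5t hash
# Minimal CBOR subset (editorial stand-in for a library): ints, bstr/tstr, arrays, maps, all below 256.
def _head(major, n):
    return bytes([major << 5 | n]) if n < 24 else bytes([major << 5 | 24, n])

def cbor_encode(v):
    if isinstance(v, int):
        return _head(0, v) if v >= 0 else _head(1, -1 - v)
    if isinstance(v, (bytes, str)):
        return _head(2, len(v)) + v if isinstance(v, bytes) else _head(3, len(v.encode())) + v.encode()
    if isinstance(v, list):
        return _head(4, len(v)) + b"".join(map(cbor_encode, v))
    if isinstance(v, dict):
        return _head(5, len(v)) + b"".join(cbor_encode(k) + cbor_encode(x) for k, x in v.items())
    raise TypeError(f"unsupported CBOR value: {type(v).__name__}")

def cbor_decode(b, i=0):
    """Return (value, offset after it); anything outside the subset above is rejected."""
    major, ai = b[i] >> 5, b[i] & 0x1F
    if ai > 24 or major > 5:
        raise ValueError("outside the supported CBOR subset")
    n, i = (ai, i + 1) if ai < 24 else (b[i + 1], i + 2)
    if major < 2:
        return (n if major == 0 else -1 - n), i
    if major < 4:
        if len(b) < i + n:
            raise ValueError("truncated CBOR string")
        return (b[i:i + n] if major == 2 else b[i:i + n].decode()), i + n
    items = []
    for _ in range(n if major == 4 else 2 * n):
        v, i = cbor_decode(b, i)
        items.append(v)
    return (items if major == 4 else dict(zip(items[::2], items[1::2]))), i

def sig_structure(protected, payload):  # COSE_Sign1 Sig_structure (RFC 9052 s4.4), empty external_aad
    return cbor_encode(["Signature1", protected, b"", payload])

def sign_statement(priv, header, payload):  # issuer side: (protected bytes, payload, ES256 r||s)
    protected = cbor_encode(header)
    r, s = decode_dss_signature(priv.sign(sig_structure(protected, payload), ec.ECDSA(hashes.SHA256())))
    return protected, payload, r.to_bytes(32, "big") + s.to_bytes(32, "big")

class TransparencyService:
    """Which registry answers depends on which identity header is present; a profile pins that rule."""
    def __init__(self):
        self.certs = {}  # x5t thumbprint (SHA-256 over the DER certificate) -> certificate
        self.keys = {}   # kid -> public key, for a bare-key profile (assumed, not from the draft)

    def resolve_issuer(self, h):
        if KID in h and X5T in h:
            raise ValueError("ambiguous issuer: both kid and x5t present")
        if X5T in h:
            hash_alg, thumb = h[X5T]  # x5t is [hashAlg, thumbprint]
            if hash_alg != SHA256 or thumb not in self.certs:
                raise ValueError("x5t does not match a registered certificate")
            # a production TS would also chain the certificate to its trust anchors here
            return "x5t:" + thumb.hex(), self.certs[thumb].public_key()
        if KID in h and h[KID] in self.keys:
            return "kid:" + h[KID].decode(), self.keys[h[KID]]
        raise ValueError("no registered issuer identifier in protected header")

    def verify(self, protected, payload, signature):  # returns the resolved issuer id or raises ValueError
        try:
            h, end = cbor_decode(protected)
        except (ValueError, IndexError, TypeError, UnicodeDecodeError):
            raise ValueError("malformed protected header") from None
        if end != len(protected) or not isinstance(h, dict) or h.get(ALG) != ES256:
            raise ValueError("protected header must be a single map with alg ES256")
        issuer, pub = self.resolve_issuer(h)
        if len(signature) != 64:
            raise ValueError("ES256 signature must be 64 bytes")
        r, s = int.from_bytes(signature[:32], "big"), int.from_bytes(signature[32:], "big")
        try:
            pub.verify(encode_dss_signature(r, s), sig_structure(protected, payload), ec.ECDSA(hashes.SHA256()))
        except InvalidSignature:
            raise ValueError("signature does not verify under the resolved key") from None
        return issuer

def make_demo():  # constructed fixtures: issuer one = self-signed cert (x5t), issuer two = bare key (kid)
    ts = TransparencyService()
    k1, k2 = ec.generate_private_key(ec.SECP256R1()), ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "issuer-one.example")])
    now = datetime.now(timezone.utc)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name).public_key(k1.public_key())
            .serial_number(x509.random_serial_number()).not_valid_before(now)
            .not_valid_after(now + timedelta(days=1)).sign(k1, hashes.SHA256()))
    thumb = hashlib.sha256(cert.public_bytes(serialization.Encoding.DER)).digest()
    ts.certs[thumb], ts.keys[b"issuer-two-2024"] = cert, k2.public_key()
    return ts, k1, k2, {ALG: ES256, X5T: [SHA256, thumb]}, {ALG: ES256, KID: b"issuer-two-2024"}
```

Everything that differs between an x.509 profile and a kid profile is confined to `resolve_issuer`; the header parsing, the alg check and the signature check over the Sig_structure are shared. That is the shape a profile document would have to fill in for a new identity type: which header label carries the identifier, how the TS turns it into a key, and what else (chain building, revocation, key-binding) must hold before the key is trusted. Two checks worth keeping in any real verifier are visible here: a statement carrying both identifiers is rejected rather than picking one, and the key is resolved from the protected header only, so the identity is always covered by the signature.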