[secdir] Re: [Last-Call] Re: Secdir last call review of draft-ietf-asdf-sdf-18

tom petch <daedulus@btconnect.com> Wed, 29 May 2024 11:30 UTC

Return-Path: <daedulus@btconnect.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54FA3C14F6A8; Wed, 29 May 2024 04:30:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ArW2Vt7QKOSm; Wed, 29 May 2024 04:30:42 -0700 (PDT)
Received: from EUR03-VI1-obe.outbound.protection.outlook.com (mail-vi1eur03on2089.outbound.protection.outlook.com [40.107.103.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03B54C14F600; Wed, 29 May 2024 04:30:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=llmSsSTKDHjhwZf4eYaS5gWJ0HYRfyNIS+DqmeQvKoYJtPcYDJEOZrw52SzYlA8lj1666YlIoqKbzKfSM3EStwq/G3+39257Mj+z3wnxdpFcewt3VFqM+LEeCKepX4nCmDoYHU/PV5CTJUdZLCa5dxCrrvpacn+locKlJ2NigYjE10HTKL6eIirpW1ei8x7VH8bs7kfbt9/LQPDsGHSj14N5BpqWcESxQC9Jk9RzLTMwJkJhffh91ndwY0IqSQIxywyI6DDB3DxOnxsCLwTCZEJu6ubEpZauYkVt3NgijVASivUfJDf278YRNnkgNCVGqaJoJuM7svyHf6yBruY63w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/7mrXED2ZB7XA8ChhGhGPlk5hIv9PJ2ZKu4T7DlvUXA=; b=JxnE5JZDTQx2wShvxNImr92MYOXu+p99cm8KQ6PZX9/IPBKhSPcP1Xeor3xnA6pqAywR1IA5hYNilmCiU/6sO0wM1Wv9zcpLzjKT2f9dCCvyLEUvM/6qIz/YTUnSNTUz+ft9AmN8W+uaboGGIjgf5gj7r2qtL7h+1pfUK0UEqNZF/a2Xypiotp/Km9Ej9/ByQZqnopMlZgkuVKxoHBm5VHQCxlIBAOZZjkbv1T/YMh7Ok7b9MPeFJmha28AWy+++5CacFWS5IatLAC+Pp+uVR87DAz1BLKcoWSXQGloNe2W+skrYB1ACh4gBaygmnu/kFJ0v+2hagkdvgJ2L5gbIog==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/7mrXED2ZB7XA8ChhGhGPlk5hIv9PJ2ZKu4T7DlvUXA=; b=kMQ/b6gFObcNuAH4TdENWZLH7KfvzAZ22NZMy6ZaIAsO7PbEOUEw5PaYvA5EKyQhCgb6mRCVFDVU6gF0Cs2hz4pWs2r4kLgslGO2UO3kEsq3Jw2xaIrUZqLntfuDL1TCYJk1TnfBXfiUaKluXbYvVScikgq4AQ5RwcvNcN+neGw=
Received: from AS8PR07MB7143.eurprd07.prod.outlook.com (2603:10a6:20b:255::12) by PA4PR07MB8741.eurprd07.prod.outlook.com (2603:10a6:102:262::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7611.22; Wed, 29 May 2024 11:30:39 +0000
Received: from AS8PR07MB7143.eurprd07.prod.outlook.com ([fe80::1f4a:9413:949f:a423]) by AS8PR07MB7143.eurprd07.prod.outlook.com ([fe80::1f4a:9413:949f:a423%4]) with mapi id 15.20.7611.016; Wed, 29 May 2024 11:30:39 +0000
From: tom petch <daedulus@btconnect.com>
To: Carsten Bormann <cabo@tzi.org>, "Smith, Ned" <ned.smith@intel.com>
Thread-Topic: [Last-Call] Re: [secdir] Secdir last call review of draft-ietf-asdf-sdf-18
Thread-Index: AQHasTdu0jsdZiZoTkyCQ93ak0RH7LGuEJ3k
Date: Wed, 29 May 2024 11:30:39 +0000
Message-ID: <AS8PR07MB7143BF94C0A7A472FF6DE8E5C6F22@AS8PR07MB7143.eurprd07.prod.outlook.com>
References: <171687277928.58506.15548370459995846366@ietfa.amsl.com> <FAFF4355-359E-4436-BAE5-9CFB206ED70C@tzi.org> <CO1PR11MB5169BDBCDC98FFB6A501E71EE5F12@CO1PR11MB5169.namprd11.prod.outlook.com> <2BD9168C-498D-4EA3-89F8-FFEBE061B106@tzi.org>
In-Reply-To: <2BD9168C-498D-4EA3-89F8-FFEBE061B106@tzi.org>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=btconnect.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: AS8PR07MB7143:EE_|PA4PR07MB8741:EE_
x-ms-office365-filtering-correlation-id: 70c6c1d8-f5f4-4deb-2d2e-08dc7fd2c439
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230031|366007|376005|1800799015|38070700009;
x-microsoft-antispam-message-info: LWVY8TieIxq1VbeyHXUdMKgjAJKqkOngevck7A2KkNXKGF/ofGWBI2cJlc9JMuxp3Un8dykdkTe0BlENw2qWe1iO8h/S5dciZftMoNyIn9MJnzHFHRD0a4BXBMrIm0EGQyAHeVNznSaV1jIbyhUpDBHir1HqpZzI5z2ANNQRMt2TfQIlD5krFD+cB9fgCAYBgjbesLusYLOPhrJcrwq4a902+SJSPvFeEbDEMc2mXkvbgEOqb0okbCBJizmufNk8GhbRAvlzBBnaPgpEIUauCIaMXVTCRm02CEAH+lQUVqStmtte4CXoJPH2cYEpJwpNC4puftbgUxUcvv8Gy0CkCP8CUJEU/d70uKYUDYnbXzZ+xGK2F3+3XDYT9WiDs9Byw34s3EM2+ua+V1FhY2xRKO8mBGG/vzPE/FtgDflE4ogxXGW0KByAvf4804IdU/JcdvKQ/7gxwRrYwgFeJtKpoaZsCho8sIa11ARwYgzC2OZuPUt/azWci/Z+vThc8bOvwVJaDj50aSK6OG1DwltwPQRa+wYzIvoxqETBw6FI+jnY2Sgsh4kXsTYnl+541mZJADAIktniN8CQ/Eshhk7dwxxKjmGEDf+UE4TCxbiQSW7eMguuoKCOnNC70Qv5cMyRaHqOs/wGBe5SHKCBoKJi4OPbXM0a8KPcz5pIrNiYPyhJps2p5EXM2AMXiIhDX388/ic4BdiU7LmZ5ECgA/MicrOmy6tLUK8D7DLw+gX/7aP0fZ13NE3ViNXSgQNXT6njk+4/ikYKpwRtoTC4+jdjoJO0yM8G6J2ilHccdo92KE9PKKgoWxSNnTYIEjMGKIpRzWnhH6i+IaRDuy1O1+Gb3JyqgLX4UWRVFWoDoXNqFR+uKz1kpzmkcaXpfCpedc8lWVnD/1gHdaSuSrfnCehZCyYI+RdQsqVsMVWO//1jefyBhwXFIOqbCokXhopdjcidQGAlUMXU5eqfkQj/m+2fc/Ot8gcj42pYB7JtQobd4jpqOlU62OOmKbkkVlUpKcdTRcWtD6AK+ctOtdenQcDd5xFUUNaqc0yqoE7ua7PZJuW4hvz/+QA+XkePknKJFbduCvHEtOPeXEba/T31p9d5js+amSA6CFPIQNUu4HttZ0/YEoXMg1kCRGyxTd9fXhEZM6POP+eGtmN0P467iZOX9l2JB5m3CwrrlFq03efas86Rsp7BE1iXG+JozXjZ+q4mds7ijS2nbIh2TqY/Zvj3zbxyY+bcyj7zrOST7ZZp+IKvvzrA6541X5TANwFFKsMfUpvKV3dD4zS0Uop5yUmKAw==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR07MB7143.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(366007)(376005)(1800799015)(38070700009);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 8fY/c8GqVul6ZH2uE2u1OXYw0i7KP6ig/W1Nt30sNhGjhMNY55QVFgQDA1kRlC8FTTFbYKH6a9G+bFbvUQgl0w25F7ovBuiTsJtXfMvawjNkA+U13nQzGurryZQoVU6rSfIEqx6DzcNyFn2yjKMwTipsUDoHBQBg42O1EoBZH/7pM0rruQ1+mlQb+faHBXI/Hgp6HZ9xFjVW+xvz+8svd7HFxg/oFzUZ4qOQoI3xz7K/ZCkUA1ojMLKSlBsxTQS8wo1y0jHU3ZcZV+rRh1yo8GmE7Js5tgVcNKZKUaIWd9JRF5DllR6XwvUVQSzMeI9s8uLCpeolj56YG0ajPNThjJwpbUtXBCJ8GDvF75DxaWEu4wuhOAz3ot2xMaa/BE9/N6P4+GEcqBK2I05ob1XLL8QHJr6TDSDxYjrZN0cuYJpajXkRk1oNkR9/UN6BfKa+gK0C6S5dhxA85D/9TgdNiv4rFFtoRQrhdb9EB/hByAQFhLYH0kJBAV5j05QFf3i2Jnm6UvZX7csgQMEFz8GDavbGIHaUylt4rejdWBaekVKyNpS49/aoh1aBQeWtoG+G3mF2lZe2YdytV/IB8vrMH4hl8wP36xhq76gIgLwK+eZAe6hj6Nq8k3Oo8kTAvBK6iIowpBIVn7iEF0MCPn4wBS1LuCpdUYsCLKFQtu1kZCcuoECIElGTzMGvtK/ZiDpMgEQCP63toX83WxVotFkjplW58jFBotE0m5Q+YNFLixVQM/hFdZ3fTPDUE3U8hUVAHv+6JKseRxbKK1MLJcspye8puZ6DMk5an28vD7WmOnWRvvX99xvDJg+5qbVYk5g9vtInDC4SY+md2dO+TW927BWUgNoa/S1+GN+NYMNo5BlZ+C/Tr0HaY5V0JMzOGwBoEKBuPGAkhXw5iyOv7p9Qc/OqxQhpZA9McEIGhkCm6ltvUNA7V4OB5gT5f8d7m1R2QWt1ZMvBSS2Ga2VDPsK9ecab9RIxg9Xo6NzogxdWdmcYbrKu75qV8Qrd4xGXY6wR9r69+1xqf/YDP6mxHsJg/f2fdqHbTVXn9O2hl+Xjb3jlXKb2t/Eq7JrM/3DkEYKkLE3vzwZTa8/+2VoyLNTmfUcR7DCghJfLzEpubXaDwdGcdqWBSypCdb3DUc4sIeuuRP/hcVWznu73NtTz8k8kk6u8YCv5f/ajikRn9MU1fcDV7XCOyIHZh4PicCz15+KkuPItTLowTjsXLXxfRCP6yCp9g6twh/0JuwEuoTv//R0gRg54Ae3nwx3H1uSCMcxxmnTdnU8pz+e+ehrYtu4ESofUDmjW4JnYs3nbq4YbhydEgiah/jV+Mrj+kjiYGCDCwPR1k//72cUif/wICkr59YhJRMuYc1XypwnMaI31863QwZDTBO1LC4fBLY5L6W8NDHp9KmycpKMsnW9NvfcTZbU3VeKSzEbxAno06b9FJBYgJyNpnG08vHuVh9KJjemzO5reSvNRtVMY+kIt6wD4qSpAEg0B8hhBbh5URee6e8kbl0CmhgRZczQLQQB2PLRqFm4+HxUAosV7TjwkD1XYl/Mt7MWjhWLeaW1bEAOoSM6jEBK9dv7sE1DzRuNmXrWn
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AS8PR07MB7143.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 70c6c1d8-f5f4-4deb-2d2e-08dc7fd2c439
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 May 2024 11:30:39.1338 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 1MY5UtjH+mDSX98bFHBOyCyVk6SDfTpf1FirWDPFWVhauoOANtyMRJ1/gHEPIDKJCNGueLTvLFd1VJleFOHrBg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA4PR07MB8741
Message-ID-Hash: C5JSJGRT7GHGAH4FEWGAX22HOB5GFMJA
X-Message-ID-Hash: C5JSJGRT7GHGAH4FEWGAX22HOB5GFMJA
X-MailFrom: daedulus@btconnect.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-secdir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "secdir@ietf.org" <secdir@ietf.org>, "asdf@ietf.org" <asdf@ietf.org>, "draft-ietf-asdf-sdf.all@ietf.org" <draft-ietf-asdf-sdf.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [secdir] Re: [Last-Call] Re: Secdir last call review of draft-ietf-asdf-sdf-18
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/bHCluz1eVyZeXiQXRb5DF45mwBY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Owner: <mailto:secdir-owner@ietf.org>
List-Post: <mailto:secdir@ietf.org>
List-Subscribe: <mailto:secdir-join@ietf.org>
List-Unsubscribe: <mailto:secdir-leave@ietf.org>

From: Carsten Bormann <cabo@tzi.org>
Sent: 28 May 2024 19:42

Hi Ned,

thanks for providing the citation and the thoughts about using this term.

For a current example of how the term is used in the IETF, please see [0].

[0]: https://www.ietf.org/archive/id/draft-lopez-opsawg-yang-provenance-02.html

(Unfortunately, RFC 4949 *uses* provenance once, but does not *define* it, maybe for similar reasons as here.)

Authentication and integrity protection are methods (or can be abstracted into objectives) that can be used to ascertain provenance.

The term provenance is not exactly defined in Section 8 because it really doesn’t have to be:
The text in question is about security considerations, not about defining a protocol for achieving or communicating provenance (which would be out of scope for this interchange format definition).

What the user of a information/interaction model really cares about is its provenance (and applicability), not how that is reliably communicated by way of authentication, integrity protection, endorsement, appraisal, policy etc.

When I said that provenance is a stronger word, I meant that this is really the objective that we desire to support by addressing those specific objectives.
I thought that mentioning that provenance implies authentication and integrity protection [1] would be enough to address the fact that these objectives/mechanisms are not otherwise mentioned in the security considerations.

<tp>
I had never come across provenance until I got involved with a museum and in such institutions it is critical.

But it means what happened between where an object started life - something that is usually clearly stated  - and where it is now, how it got from A to B, whose hands it passed through; and along the way, the object likely changed at least in some regard so integrity is very much absent in my understanding of the term.  Without provenance, then there is the risk of forgery, of fake items being inserted somewhere along the line.

Here I think that the challenge is that by the time we see the data, it may have already passed through other unknown hands and it is hard to know how trustworthy the data we see now is ie it is the integrity of the data that is suspect - provenance does not really help.

Tom Petch

[1]: https://github.com/ietf-wg-asdf/SDF/pull/157/files

Grüße, Carsten


> On 28. May 2024, at 20:25, Smith, Ned <ned.smith@intel.com> wrote:
>
> The draft uses provenance without defining it. There is a definition in NIST SP800-53r5:
> “The chronology of the origin, development, ownership, location, and changes to a system or system component and associated data”.
>  It isn’t clear if the I-D authors intended this definition or something else. If this is the intended definition, then the NIST definition doesn’t specifically say “authentication”, “integrity”, or (attestation) “appraisal”. But if the authors intended these properties, they could have used those words directly rather than “provenance”. If they intended the NIST definition of provenance, they could site the NIST document.
>  -Ned


--
last-call mailing list -- last-call@ietf.org
To unsubscribe send an email to last-call-leave@ietf.org