Re: [Secret] Robert Wilton's No Objection on charter-ietf-tigress-00-03: (with COMMENT)

Dmitry Vinokurov <dvinokurov@apple.com> Thu, 30 June 2022 17:01 UTC

Return-Path: <dvinokurov@apple.com>
X-Original-To: secret@ietfa.amsl.com
Delivered-To: secret@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C8DBC13CDB5 for <secret@ietfa.amsl.com>; Thu, 30 Jun 2022 10:01:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.852
X-Spam-Level:
X-Spam-Status: No, score=-2.852 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.745, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XuZ_tNOsYWG3 for <secret@ietfa.amsl.com>; Thu, 30 Jun 2022 10:01:24 -0700 (PDT)
Received: from rn-mailsvcp-ppex-lapp14.apple.com (rn-mailsvcp-ppex-lapp14.rno.apple.com [17.179.253.33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B7D8C14F739 for <secret@ietf.org>; Thu, 30 Jun 2022 10:01:24 -0700 (PDT)
Received: from pps.filterd (rn-mailsvcp-ppex-lapp14.rno.apple.com [127.0.0.1]) by rn-mailsvcp-ppex-lapp14.rno.apple.com (8.16.1.2/8.16.1.2) with SMTP id 25UGsX7D005260 for <secret@ietf.org>; Thu, 30 Jun 2022 10:01:23 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : content-type : mime-version : subject : date : references : to : in-reply-to : message-id; s=20180706; bh=RokpYhw3c9IkSrQodfo9J1DWnmFAhzHocvI/+gKehOA=; b=kFnSyCwz/H4oa1apTif6eKtz7NnIp0VMIfsogv+6fdU/M6TpNwHMxvuceqrNjIQvBFGD ShICOxSI5hglzXaL7D5klB+bhN237qTsdd2oDZrTxOl1wV31+wMN9ypG/cIP4ckYOmzk 2h03kWUvlnln5n7uDtAWtvxX986iIsf6ggLaxpPFzMBRShlafgnYAfluQJ/RiJs0UzwE EqkgHtjGelbwKPehYfougTTFkf9/imrYnNwUSehwVFgFWYaCz7WaUGh5fxotmcO6fjml n0ZegsMkkd3R3TQggNl7jrhY9r3Rig9hiXf0ccrayrBW/ZGnyT6IfwvoJizqDOJWanZM GQ==
Received: from rn-mailsvcp-mta-lapp02.rno.apple.com (rn-mailsvcp-mta-lapp02.rno.apple.com [10.225.203.150]) by rn-mailsvcp-ppex-lapp14.rno.apple.com with ESMTP id 3gwy8c525x-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <secret@ietf.org>; Thu, 30 Jun 2022 10:01:23 -0700
Received: from rn-mailsvcp-mmp-lapp01.rno.apple.com (rn-mailsvcp-mmp-lapp01.rno.apple.com [17.179.253.14]) by rn-mailsvcp-mta-lapp02.rno.apple.com (Oracle Communications Messaging Server 8.1.0.18.20220407 64bit (built Apr 7 2022)) with ESMTPS id <0REA003GHVAAJUB0@rn-mailsvcp-mta-lapp02.rno.apple.com> for secret@ietf.org; Thu, 30 Jun 2022 10:01:22 -0700 (PDT)
Received: from process_milters-daemon.rn-mailsvcp-mmp-lapp01.rno.apple.com by rn-mailsvcp-mmp-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.18.20220407 64bit (built Apr 7 2022)) id <0REA00200V9MHQ00@rn-mailsvcp-mmp-lapp01.rno.apple.com> for secret@ietf.org; Thu, 30 Jun 2022 10:01:22 -0700 (PDT)
X-Va-A:
X-Va-T-CD: 2a3e8a854bc1bbd3eec9719f68b9d1ab
X-Va-E-CD: 2df273f2868d1be697a3590c6f0357de
X-Va-R-CD: 1047d79755b489c5f861477ff69e8848
X-Va-CD: 0
X-Va-ID: 58bec8ee-48e0-474a-8839-c492be7e9d9e
X-V-A:
X-V-T-CD: 2a3e8a854bc1bbd3eec9719f68b9d1ab
X-V-E-CD: 2df273f2868d1be697a3590c6f0357de
X-V-R-CD: 1047d79755b489c5f861477ff69e8848
X-V-CD: 0
X-V-ID: 2ec217f6-7e50-4c2a-8a0b-4ceb192591e5
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.517, 18.0.883 definitions=2022-06-30_12:2022-06-28, 2022-06-30 signatures=0
Received: from smtpclient.apple ([17.236.17.196]) by rn-mailsvcp-mmp-lapp01.rno.apple.com (Oracle Communications Messaging Server 8.1.0.18.20220407 64bit (built Apr 7 2022)) with ESMTPSA id <0REA00S8BVA9RV00@rn-mailsvcp-mmp-lapp01.rno.apple.com> for secret@ietf.org; Thu, 30 Jun 2022 10:01:21 -0700 (PDT)
From: Dmitry Vinokurov <dvinokurov@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_D5A72513-8CAB-4988-B086-123161D40FA7"
MIME-version: 1.0 (Mac OS X Mail 16.0 \(3696.100.31\))
Date: Thu, 30 Jun 2022 10:01:20 -0700
References: <mailman.4733.1656592656.982.secret@ietf.org>
To: secret@ietf.org
In-reply-to: <mailman.4733.1656592656.982.secret@ietf.org>
Message-id: <5A28213A-7E9D-4C22-B574-9378C163A80A@apple.com>
X-Mailer: Apple Mail (2.3696.100.31)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.517, 18.0.883 definitions=2022-06-30_12:2022-06-28, 2022-06-30 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secret/6pzEbaopfZsLE-U7UzlghDT0-WU>
Subject: Re: [Secret] Robert Wilton's No Objection on charter-ietf-tigress-00-03: (with COMMENT)
X-BeenThere: secret@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Credential Transfer <secret.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secret>, <mailto:secret-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secret/>
List-Post: <mailto:secret@ietf.org>
List-Help: <mailto:secret-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secret>, <mailto:secret-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jun 2022 17:01:25 -0000

Hi Robert, 

Thank you for your comments,
I added my reply in-line below.


> On Jun 30, 2022, at 5:37 AM, secret-request@ietf.org wrote:
> 
> I agree with other comment as to whether the requirements/constraints on the
> solution should be listed in the charter.  E.g., presumably this means that if
> the WG cannot come up with a solution that meets the constraints then it must
> close or recharter to progress?
DV>> Authors believe it is important to define security goals and things to consider in the charter so that they are embedded into the solution of the problem.

> Some of the constraints also seem a little odd, or unclear:
> 
> * Allow a sender and a recipient to perform multiple round trip communications
> within a limited time frame Is the requirement about performing round trip
> communications, or to be able to complete the transfer in a short bounded time?
DV>> some credentials (e.g. CCC aka Digital Car Key) require multiple read and write operations for transfer - hence, round trip communications. 

> * Not require that both the sender and recipient be online at the same time
> What is meant by being online?  Is this about having network connectivity to
> the relay server?
DV>> sender and receiver devices do not need to have network connectivity to relay server at the same time. They may have it at different times, enough for them to complete read and write operations.

> * Support opaque message content based on the credential type
> It wasn't clear to me exactly what this is, or why carrying arbitrary opaque
> data is an absolute requirement?  Is that about carrying some associated
> message related to why the credential is being delegated?
DV>> since there is desire to support multiple types of credentials, including proprietary, we do not plan to define the message content. 
Message stored on the relay server needs to be defined by the credential provider - e.g. HID or Misfire Desfire or CCC; hence the content is opaque to the relay server.

> Rob

Dmitry Vinokurov
 Pay | 669-269-5514 | Infinite Loop 6, Cupertino, CA | dvinokurov@apple.com