[Secret] Questions and comments on tigress charter

Jim Fenton <fenton@bluepopcorn.net> Sun, 03 July 2022 02:53 UTC

From: Jim Fenton <fenton@bluepopcorn.net>
To: secret@ietf.org
Date: Sat, 02 Jul 2022 19:53:50 -0700
Message-ID: <3614905C-E82E-4601-874D-2A2C7D9F6A9B@bluepopcorn.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secret/9r-XImf-0H33Ku3Wb1q1yTpYfwc>
Subject: [Secret] Questions and comments on tigress charter
List-Id: Secure Credential Transfer <secret.ietf.org>

I guess I missed the deadline on the call for consensus on the charter, but I have some questions and comments nonetheless. I’m referencing charter-ietf-tigress-00-06 as currently shown on Datatracker.

When I read through the use cases (giving someone temporary use of my car or letting the cat sitter in my home) I immediately thought of this as an authorization problem. I would normally solve this by giving the public key of the delegated user’s credential to the car or house and telling the car or house to accept that credential for some period of time. Or I might authenticate to the hotel and tell them to accept my spouse’s credential. The flow described in the charter is more complicated, and I assume there’s a good reason for that, but I don’t understand what it is.

The charter also refers to a credential authority, but doesn’t explain anything about it. In the case of the cat sitter, what credential authority is there for my home? This is clearer in the hotel room key example (where presumably the credential authority is the hotel or hotel chain?) but that isn’t the general case here.

I missed the previous BOF but would like to understand the motivation for this WG better.

-Jim
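The simpler model sketched in the second paragraph (the owner hands the car or door the delegate's public key plus a validity window, and the device accepts that key for the stated period) can be made concrete. The following is an added Go example written for this archive page; it is not code from Jim Fenton, the tigress working group, or any charter text. It assumes a device ("lock") that can store a small table of granted keys and generate random challenges, uses Ed25519 from the Go standard library as the credential's key type, and all names (`Lock`, `Grant`, `Open`, the lock identifier `car-1`) are hypothetical. Beyond the paragraph, it also shows the checks a practitioner would want on the device side: single-use challenges so a captured response cannot be replayed, a lock identifier bound into the signed message so a response for one device is not valid at another, and owner-initiated revocation before the window ends.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Grant is a time-bounded authorization for one delegate public key.
type Grant struct {
	NotBefore time.Time
	NotAfter  time.Time
}

// Lock models the car or front door. It holds the owner's delegation table
// and verifies that whoever is at the door holds the private half of a
// granted key (proof of possession via a signed challenge).
type Lock struct {
	id     string           // hypothetical device identifier, bound into every challenge
	grants map[string]Grant // keyed by hex of the delegate's public key
	nonces map[string]bool  // outstanding challenges, consumed on first use
}

func NewLock(id string) *Lock {
	return &Lock{id: id, grants: map[string]Grant{}, nonces: map[string]bool{}}
}

// Grant is the owner's action from the mail: "accept this credential for some period of time".
func (l *Lock) Grant(pub ed25519.PublicKey, notBefore, notAfter time.Time) {
	l.grants[hex.EncodeToString(pub)] = Grant{NotBefore: notBefore, NotAfter: notAfter}
}

// Revoke lets the owner withdraw access before the window ends.
func (l *Lock) Revoke(pub ed25519.PublicKey) { delete(l.grants, hex.EncodeToString(pub)) }

// Challenge issues a fresh random nonce that the delegate must sign.
func (l *Lock) Challenge() ([]byte, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	l.nonces[hex.EncodeToString(nonce)] = true
	return nonce, nil
}

// Message is what the delegate signs: the lock id is prefixed so a response
// produced for one device cannot be presented to another.
func (l *Lock) Message(nonce []byte) []byte {
	return append([]byte(l.id+":"), nonce...)
}

var (
	ErrUnknownKey    = errors.New("key not granted")
	ErrOutsideWindow = errors.New("outside validity window")
	ErrBadNonce      = errors.New("unknown or reused challenge")
	ErrBadSig        = errors.New("signature invalid")
)

// Open evaluates a challenge response at wall-clock time now. The nonce is
// consumed before any other check so that a failed attempt cannot be retried
// with the same challenge.
func (l *Lock) Open(pub ed25519.PublicKey, nonce, sig []byte, now time.Time) error {
	nk := hex.EncodeToString(nonce)
	if !l.nonces[nk] {
		return ErrBadNonce
	}
	delete(l.nonces, nk)
	g, ok := l.grants[hex.EncodeToString(pub)]
	if !ok {
		return ErrUnknownKey
	}
	if now.Before(g.NotBefore) || now.After(g.NotAfter) {
		return ErrOutsideWindow
	}
	if !ed25519.Verify(pub, l.Message(nonce), sig) {
		return ErrBadSig
	}
	return nil
}

func main() {
	lock := NewLock("car-1")
	pub, priv, _ := ed25519.GenerateKey(nil) // the delegate's credential key pair
	start := time.Date(2022, 7, 4, 9, 0, 0, 0, time.UTC) // constructed sample window
	lock.Grant(pub, start, start.Add(48*time.Hour))

	nonce, _ := lock.Challenge()
	sig := ed25519.Sign(priv, lock.Message(nonce))
	fmt.Println("inside window:", lock.Open(pub, nonce, sig, start.Add(time.Hour)))
	fmt.Println("replayed response:", lock.Open(pub, nonce, sig, start.Add(time.Hour)))
}
```

The device never needs a credential authority in this model: the owner's act of registering the key is the authorization, and revocation is a local table delete. That is exactly the gap the mail points at, since the charter's flow routes through a credential authority whose role is not spelled out for the home case.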