IETF Logo Mail Archive

Re: [stir] Review of: draft-ietf-stir-rfc4474bis-10

Paul Kyzivat <pkyzivat@alum.mit.edu> Fri, 19 August 2016 16:17 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC88412B054 for <stir@ietfa.amsl.com>; Fri, 19 Aug 2016 09:17:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level:
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bF383sKS6mWZ for <stir@ietfa.amsl.com>; Fri, 19 Aug 2016 09:17:21 -0700 (PDT)
Received: from resqmta-po-03v.sys.comcast.net (resqmta-po-03v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B39D512B04C for <stir@ietf.org>; Fri, 19 Aug 2016 09:17:21 -0700 (PDT)
Received: from resomta-po-12v.sys.comcast.net ([96.114.154.236]) by resqmta-po-03v.sys.comcast.net with SMTP id amTmbd72Fzd8UamTxbppLD; Fri, 19 Aug 2016 16:17:21 +0000
Received: from Paul-Kyzivats-MacBook-Pro.local ([73.218.51.154]) by resomta-po-12v.sys.comcast.net with SMTP id amTwbZIWOBaz3amTwbm0RJ; Fri, 19 Aug 2016 16:17:21 +0000
To: dcrocker@bbiw.net, stir@ietf.org
References: <c3a85ffc-8340-ac54-4d8e-21a16fefd032@dcrocker.net> <D3D41210.1A72E4%jon.peterson@neustar.biz> <CAHBDyN7W8zkgGjeUqzGaxLfRD-nFDgD9R3kxioQ47Kbp4_B8EA@mail.gmail.com> <6bd1e4bc946a4a02a1f4fdac385984b9@PLSWE13M08.ad.sprint.com> <D3DB2EE9.1A7B59%jon.peterson@neustar.biz> <fbf38cef-bfb0-60df-175d-c57362917c4c@dcrocker.net> <8b99c0c3-67af-9eec-e6c0-6fad56413318@alum.mit.edu> <c057e894-b456-8ad7-390a-67eb8e31f149@dcrocker.net>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <0a892a38-d748-6f60-b953-b3c31fe1e6a3@alum.mit.edu>
Date: Fri, 19 Aug 2016 12:17:19 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <c057e894-b456-8ad7-390a-67eb8e31f149@dcrocker.net>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-CMAE-Envelope: MS4wfOhoI/brWogALcYZRbNh1wdq6yqazB7/GameMPJ4TOWUGExaxKddYrlDpsCz+TA0HO6oWEI5RtF42VlidIg+iTdVjRoAuPzT1q1P0fHjbQReRUCCDyts lMcTi5nuoXznN7dopUGWqV3aRmoIz1lBRmgpSOozPrREXScW8fjrOaJvrXGA9Ro6x/d2yur+FJxGXr1jsUIzt0dT49CZzfuFlIs=
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/-85sqw5WsyBDz7pjaMMithyL77c>
Subject: Re: [stir] Review of: draft-ietf-stir-rfc4474bis-10
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Aug 2016 16:17:23 -0000

On 8/19/16 11:55 AM, Dave Crocker wrote:
> On 8/19/2016 8:49 AM, Paul Kyzivat wrote:
>> What this means is that any *prioritization* of these needs to be a
>> decision made by the validator (perhaps differently for different
>> validators in the same call), and not by the signers.
>
>
> Paul,
>
> As you have phrased it, this seems likely to produce non-interoperability.
>
> Some -- and maybe all -- of the details concerning the basic mechanics
> and semantics of multiple signatures need to be specified for consonant
> behavior between signers and validators.  Otherwise, the signer won't
> know how the validator will interpret the signatures.  And the validator
> won't know what the signer(s) meant.
>
> (This is, of course, separate from any policies the receiving side might
> choose to have for the /use/ of the results of that interpretation.)

The latter is what I was talking about.

One validator may trust a particular signer, while another has that 
signer on a blacklist. I think this is unavoidable, and in fact can be 
considered a *feature*.

	Thanks,
	Paul

v2.23.0 | Report a Bug | By Email