Re: [stir] Review of: draft-ietf-stir-passport-05

Dave Crocker <dhc@dcrocker.net> Sun, 28 August 2016 01:46 UTC

To: Eric Rescorla <ekr@rtfm.com>
From: Dave Crocker <dhc@dcrocker.net>
Organization: Brandenburg InternetWorking
Message-ID: <ee7666f3-4b29-0fb3-0372-e296c0eefafe@dcrocker.net>
Date: Sat, 27 Aug 2016 18:46:02 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/BYUu4bOtWc26LWLTYVGEOjsSoIY>
Cc: Chris Wendt <chris-ietf@chriswendt.net>, "stir@ietf.org" <stir@ietf.org>

On 8/27/2016 5:19 PM, Eric Rescorla wrote:
>     And I believe that was my original guess, although my very limited
>     understanding of non-repudiation includes the significant burden of
>     having the timestamp, itself, be validated by an independent
>     authority. Otherwise, the signer could claim any time they want to...
>
>
> That doesn't seem correct to me, at least if "independent" means someone
> other than the relying party. The signature is itself a proof attaching
> the signer's private key to the passport and to a claim by the signer
> about the passport object's assertions being valid at the time in the
> timestamp. If the relying party checks the timestamp and rejects it if
> it has a bogus timestamp, then any acceptable passport will be
> relatively fresh and thus will be usable as a proof of the signer's
> representation at the relevant time. Overall, this seems less important
> than the freshness property wrt authentication, but it's still a
> technical property.


This sounds pretty much the same as authentication.

While the verifier might decide that the timestamp is ok, if the 
verification is close enough in time to that claimed occurrence, it does 
nothing for being able to prove the timing to a third-party, /later/. 
And that's the environment I'm used to hearing about needing 
'non-repudiation' for.

In that case, the timestamp needs to have validation that is independent 
of the signer.  What I'm used to hearing, for that, is that an 
independent timestamp service does a kind of notary signature on the 
original signer's stuff, including the timestamp.

Anyhow, all of this seems to go beyond STIR's needs, suggesting that it would 
be best to remove use of the term?

d/

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
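
An added illustration of the distinction argued in this thread, not part of the original e-mail or of the draft: a signer picks its own `iat`, the relying party's freshness check bounds it only at receipt time, and a later re-verification of the same token confirms the signature but not when it was made. The claim layout, telephone numbers, clock value and the 60-second window are assumptions made for the example.

```javascript
const crypto = require('crypto');

// base64url without padding, as used in compact JWS
const b64u = (buf) => Buffer.from(buf).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Signer: compact JWS (ES256) over claims that carry a self-chosen "iat".
function signPassport(privateKey, claims) {
  const header = { alg: 'ES256', typ: 'passport' };
  const input = b64u(JSON.stringify(header)) + '.' + b64u(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(input),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return input + '.' + b64u(sig);
}

// Signature check only: what anyone holding the token can re-run at any later date.
function verifySignature(publicKey, token) {
  const [h, p, s] = token.split('.');
  const ok = crypto.verify('sha256', Buffer.from(h + '.' + p),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64'));
  return ok ? JSON.parse(Buffer.from(p, 'base64').toString()) : null;
}

// Relying party: signature plus freshness, measured against its own clock at receipt.
function relyingPartyAccepts(publicKey, token, nowSec, maxSkewSec = 60) {
  const claims = verifySignature(publicKey, token);
  return claims !== null && Math.abs(nowSec - claims.iat) <= maxSkewSec;
}

function demo() {
  const { privateKey, publicKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const now = 1472348762; // constructed receipt-time clock (seconds)
  const base = { orig: { tn: '12025550100' }, dest: { tn: '12025550101' } }; // constructed
  const fresh = signPassport(privateKey, { ...base, iat: now });
  const backdated = signPassport(privateKey, { ...base, iat: now - 86400 });
  return {
    freshAccepted: relyingPartyAccepts(publicKey, fresh, now),
    backdatedAccepted: relyingPartyAccepts(publicKey, backdated, now),
    // Later, the signature still verifies, but nothing in the token is
    // independent evidence that "iat" matched the real signing time.
    backdatedVerifiesLater: verifySignature(publicKey, backdated) !== null,
    freshStaleLater: relyingPartyAccepts(publicKey, fresh, now + 30 * 86400),
  };
}
```
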