Re: [stir] Review of: draft-ietf-stir-passport-05
Eric Rescorla <ekr@rtfm.com> Sat, 27 August 2016 23:53 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55A2512D0CD for <stir@ietfa.amsl.com>; Sat, 27 Aug 2016 16:53:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vImWEHa83uPS for <stir@ietfa.amsl.com>; Sat, 27 Aug 2016 16:53:24 -0700 (PDT)
Received: from mail-yw0-x22d.google.com (mail-yw0-x22d.google.com [IPv6:2607:f8b0:4002:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6525512B05E for <stir@ietf.org>; Sat, 27 Aug 2016 16:53:24 -0700 (PDT)
Received: by mail-yw0-x22d.google.com with SMTP id j12so68300662ywb.2 for <stir@ietf.org>; Sat, 27 Aug 2016 16:53:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=eMqAGMKYF4fFhynquK1nTxOeCTUAkOsWO1mCNSGR+u0=; b=xoFvDuuxFuC1kBOTfmMBw86Yp9Rg4rbkipt++CL1VQHfzMzFHZ+votlmp6kC8k06lH 564VkRWZ/mDvfjS2VW74ZiT/f8z9cNnTJuoUP8rxQ0nyhWm8PfmOpm9lXbvh3TjQYjfH Y2847VvqixTP9IH6DSbibMkHdxITWz6GoKUU5Aq4bWlCwor3ZYxFg7meal/tv7D2ZUjX d4nC3NnqG7X7LazB5Aba8kZ/f4EAhqTQWlpvkObDqhUG/gFyiK+b1uTojFHUli1wOVJK ZQLcWlDMtbjQ8huQFZJiWgTTXQkNNuVBT+jVL2jI1UjcVK2Dxrso6oimPtqLPqvbtvZY 72iw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=eMqAGMKYF4fFhynquK1nTxOeCTUAkOsWO1mCNSGR+u0=; b=WQbdS2gKds1jRI/K1EyP+rkpCKPTkdPzL4OIGkbwgQXI4H+HC3BJo34PmZ/Flq45w5 +IJbt2ADEtHxxgC9wWe165jkNCWfaG+kOKgXYinjAhCgrORw+EwF9IsJ7sTpmcLHUn1o qrhVjecmztZTLER0a7MabcBC0nPyXVBb4DV8poy8vVbO2YrYXkawnE1re3cKjB0T2YGH HTrnM9O2dnPYt6jN1WAndZMJbJCPfMEEZ9aU8qtu8IwvJFqwBclwmYf+QbdWcbXbh8cU bRYdDHFvdVrLzRXSpS0iDTjWkguRgps4wqc2rmHm8c6UvJr1m0NQw0Zj3uPbPZirWA/Q AdjQ==
X-Gm-Message-State: AE9vXwO14qxBKTuQRW3K52KZpyOgTbHB+y4ongpNG7veWb2gw/Cajdo3W4bbKgFEY83rNxFAEOmrii0fN4zZQQ==
X-Received: by 10.13.244.197 with SMTP id d188mr9460971ywf.276.1472342003577; Sat, 27 Aug 2016 16:53:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.48.193 with HTTP; Sat, 27 Aug 2016 16:52:42 -0700 (PDT)
In-Reply-To: <8fd2cf67-5241-039a-e3a4-a9ad0928023a@dcrocker.net>
References: <07e0eb16-6758-cdf1-c571-1f1ed768e741@dcrocker.net> <67A1F75C-DAA9-4E84-8C70-9A392A90FF6F@chriswendt.net> <8fd2cf67-5241-039a-e3a4-a9ad0928023a@dcrocker.net>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 27 Aug 2016 16:52:42 -0700
Message-ID: <CABcZeBOYQG5JSRqDgnUCS66co1GjEE7pWf14qxJQWCOtqW+cwQ@mail.gmail.com>
To: Dave Crocker <dcrocker@bbiw.net>
Content-Type: multipart/alternative; boundary="94eb2c0865481ca9f1053b16567f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/JAl3xFVgWQfjqdWUANQqvoY0W0o>
Cc: Chris Wendt <chris-ietf@chriswendt.net>, "stir@ietf.org" <stir@ietf.org>
Subject: Re: [stir] Review of: draft-ietf-stir-passport-05
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Aug 2016 23:53:26 -0000
On Sat, Aug 27, 2016 at 2:40 PM, Dave Crocker <dhc@dcrocker.net> wrote: > Chris, > > Thanks for the followup. Pruned responses to responses, below... > > > On 8/22/2016 10:58 AM, Chris Wendt wrote: > >> Detailed Comments ----------------- >>> >>>> STIR >>>> C. Wendt Internet-Draft >>>> Comcast Intended status: Standards Track >>>> J. Peterson Expires: January 23, 2017 >>>> Neustar Inc. July 22, 2016 >>>> >>>> >>>> Persona Assertion Token draft-ietf-stir-passport-05 >>>> >>>> Abstract >>>> >>> ... > >> Is the timestamp the basis of claiming non-repudiation? >>> >> >> Partially, depending on your interpretation of how non-repudiation is >> achieved. The digital signature based on a certificate is the >> non-repudiation of the original assertion and signing of the token. >> > > That seems to equate authentication with non-reputation of originator. But > they aren't the same. > Do you mean "non-repudiation" here? I ask because "reputation" is also a concept potentially in play here. repudiation the sender of and authorization to send information >>>> related to the originator of personal communications. A >>>> >>> >>> 'info related to'... what does this mean? >>> >> >> Yes this was a bit too broad and the abstract text wasn’t updated >> when the scope was reduced. >> >> replaced with: 'non-repudiation the author of the token, their >> authority to author the token and, minimally, the asserted >> originating identity or persona contained within the token >> corresponding specifically to the originator of personal >> communications' >> > > My guess is that all of the above fall under authentication, not > non-repuduation. If my guess is wrong, it really would help to see a > careful explanation of how it is non-repudiation rather than authentication. I think it would probably be fine to remove the term "non-repudiation" from this spec, since it only appears in the abstract. Generally, it's not that useful a concept for most security settings, especially when one starts to ask questions about the legal context. With that said, given that these tokens are signed by their creator and there is a timestamp to provide anti-replay, there is at least potentially an important technical property being provided here, which is that in the case where a passport creator signs a bogus passport, it is possible to demonstrate that it did so, which is not a property necessarily provided by authentication systems. -Ekr
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Paul Kyzivat
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force Tony Rutkowski
- [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Setting Direction for the STIR WG Last… Christer Holmberg
- Re: [stir] Setting Direction for the STIR WG Last… Russ Housley
- Re: [stir] Setting Direction for the STIR WG Last… Russ Housley
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… DOLLY, MARTIN C
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… Tony Rutkowski
- Re: [stir] Setting Direction for the STIR WG Last… Brian Rosen
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… Brian Rosen
- [stir] Setting Direction for the STIR WG Last Call Russ Housley
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Richard Shockey
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Paul Kyzivat
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- [stir] JWT/JSON (was - Re: Review of: draft-ietf-… Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Christer Holmberg
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Review of: draft-ietf-stir-passport-05 Christer Holmberg
- Re: [stir] Review of: draft-ietf-stir-passport-05 Richard Shockey
- Re: [stir] Review of: draft-ietf-stir-passport-05 Victor Pascual
- Re: [stir] Review of: draft-ietf-stir-passport-05 Christer Holmberg
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Richard Shockey
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Burger
- [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Robocall Strike Force Dave Crocker
- Re: [stir] Robocall Strike Force Dave Crocker
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force Paul Kyzivat
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Eric Rescorla
- Re: [stir] Setting Direction for the STIR WG Last… Russ Housley
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Eric Rescorla
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Michael Hammer
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt
- Re: [stir] Review of: draft-ietf-stir-passport-05 Alex Bobotek
- Re: [stir] Review of: draft-ietf-stir-passport-05 Stephen Farrell
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt