IETF Logo Mail Archive

Re: [stir] Questions on the draft-ietf-stir-passport-04 integrity mechanism

Chris Wendt <chris-ietf@chriswendt.net> Mon, 09 September 2019 19:02 UTC

Return-Path: <chris-ietf@chriswendt.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB2F912080F for <stir@ietfa.amsl.com>; Mon, 9 Sep 2019 12:02:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=chriswendt-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jlDHyrgMO36i for <stir@ietfa.amsl.com>; Mon, 9 Sep 2019 12:02:22 -0700 (PDT)
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C844F120020 for <stir@ietf.org>; Mon, 9 Sep 2019 12:02:21 -0700 (PDT)
Received: by mail-qt1-x82c.google.com with SMTP id n7so17479257qtb.6 for <stir@ietf.org>; Mon, 09 Sep 2019 12:02:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chriswendt-net.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=Z0BfS+YCyM1k8xnHmY31MkGtewr6XDqKQpwMCxt/1jA=; b=lgliWSUbwsiVU/AxN+q3f8dAmeufbKd3oARq+MYaYx9L7Z3Hv4QWsG8v98l1AMMmLf ZZ1JV5bZ9bXVn/UPyZIcG2xVHBX4TIT56j7kgiXpukFX9ts8V3PKTipQ5lrG7dGG/Nus Rv3FoHTFqPxhh+CbHWgWTO2Q4Xr6GXLyJBYdBmfkg7FbvtffNwHWCEsd4NsoSBnIzRBz CTANLg7QZV4S/iST/8Fh0VHejL/pjG9/d/aEFGvXUTAr69CpXbWg4ZwX2WqL5UYdRfDw MJ/8AG3FC2fKWuhQyeM1XQ1BUyvVBUsTmL+2a47VyF0H9kQt6fC5PCHUrYXVtI4NTVW1 JW4g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=Z0BfS+YCyM1k8xnHmY31MkGtewr6XDqKQpwMCxt/1jA=; b=Axu6DWHe5vL4B7lHPALvtyES2UP6TLkGdmemrd4NFOpM6RNVSmqKokybhdK2hbfI8X 7ed/lIjdjFWtfEo9XUTige/2B8iIiicOKEsNDuG2JrQEsaKPlFDm+rBXcl3w6M34mVu5 7w5jWk+/XrLExHQG/rkLo8MbjgRn/x4iUAohSaR9VgFzoPujJUq7Ovz28ozgXy00kybh xYkJ7lwwIaBkccQDAsmk+56Mn8A5TDbKjCjfy4OZOjAtjv/MLxvzDrY1giXQAOskyZRr GGw9Xj5W7L1waemGg1hlWeTuQVsMC4Z7itQ1AQh/7HfvvMv/DSXJf6sEyHyzi2CBtRcu 2Y3w==
X-Gm-Message-State: APjAAAWEEtkkOUHH7BxEUH5RwUeOi44crP95IMT9vcJ6WDkXl6IDPnbU 5cVcpsOlFDogCLjUQ7xaWqCBJQ==
X-Google-Smtp-Source: APXvYqzzfcqooYCVUdbzXVCc/lquL/f1k3mQX44Lu396zcKjPARfRZb4PtkrqbQQQFTG1dZ3EYqLow==
X-Received: by 2002:ac8:2d2c:: with SMTP id n41mr24842064qta.335.1568055740773; Mon, 09 Sep 2019 12:02:20 -0700 (PDT)
Received: from ?IPv6:2001:558:6009::7093:88bf:8b39:9be9? ([2001:558:6009:0:7093:88bf:8b39:9be9]) by smtp.gmail.com with ESMTPSA id g45sm1369427qtc.9.2019.09.09.12.02.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 09 Sep 2019 12:02:20 -0700 (PDT)
From: Chris Wendt <chris-ietf@chriswendt.net>
Message-Id: <9DA8A5FC-866B-4DF3-BA76-68AF733EAF4D@chriswendt.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_FE8FDDEB-BC4C-4DF0-8BD2-142893E6489D"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Mon, 09 Sep 2019 15:02:19 -0400
In-Reply-To: <0CCCD3F6-B0A5-4B0C-B563-2E85AC3E3B3A@nostrum.com>
Cc: stir@ietf.org
To: Ben Campbell <ben@nostrum.com>
References: <D0D57997-56AC-4E68-BC12-2CE07C52B711@nostrum.com> <0CCCD3F6-B0A5-4B0C-B563-2E85AC3E3B3A@nostrum.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/JIE6ypcYWta0tlW1dxxkIAAJ6Ss>
Subject: Re: [stir] Questions on the draft-ietf-stir-passport-04 integrity mechanism
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2019 19:02:25 -0000

Hi Ben,

For 1, simple answer is yes the intention was to make the content tied to the cert.  My experience is that calling name and other info is not changed often, however, assuming your premise, why would that be a problem?  If you want to be changing your RCD info once a year, once a month, or once a day then why is it a problem to push everything through the integrity mechanism and generate a new cert each time?  I think this is pretty logical.  If you don’t do that, what is the alternative to keep the properties of integrity of the information protected by a signature?

For 2, yes the intent was to iterate at each level of the URLs.  I suspect the number of nested URLs for most of the “common” cases, like name, logo and address, would be limited, but would need a framework that supports multiple levels of nesting or limit the number of levels or something if we are concerned.  I don’t think there is a lot of reason to be concerned but maybe i’m missing a case that would actually use a ton of nesting in any practical way.

-Chris

> On Sep 7, 2019, at 12:50 PM, Ben Campbell <ben@nostrum.com> wrote:
> 
> Minor correction below:
> 
>> On Sep 6, 2019, at 4:31 PM, Ben Campbell <ben@nostrum.com <mailto:ben@nostrum.com>> wrote:
>> 
>> Signed PGP part
>> Hi,
>> 
>> I have a couple of high level questions about the new integrity mechanism in draft-ietf-stir-passport-04. Apologies if these have already been discussed.
>> 
>> 1) Do I understand correctly that the certificate used to sign a PASSporT with an rcdi claim MUST include a constraint for the _value_ of the digest? That is, if someone makes any change to any of the information they would normally include in an rcd claim, the signing party must get a new cert?
>> 
>> My concern is that, for good or bad, commercial callers really like to control the customer experience. Many like to change things up all the time. I can imagine things like special date-specific logos (e.g. Google doodles), “sale” badges on logos, distinctive branding for different “campaigns”, etc.  I realize things like ACME make the process of getting a new cert lighter weight than it used to be, but is it reasonable to require a new cert for any change?
>> 
>> This might be worse for third-party signers who may sign on behalf of many callers, each of which keeps changing things.
>> 
>> 2) If I understand correctly, if anything in the rcd claim includes a URL, the rcdi claim incorporates the associated content. What about URLs?
> 
> Uhm, I meant to say additional URLs
> 
>> For example, lets say a jcl key links to a jCard, and that jCard has a LOGO element with a URI? Is the alleged logo content at that URI protected?
>> 
>> I assume the answer is that the answer is no; otherwise it could be URLs all the way down and we have to stop somewhere. This is probably a matter of signer or issuer) policy. If so, it might be worth having some operational guidance that they need to think about such things.
>> 
>> 
>> 
>> 
>> 
> 
> _______________________________________________
> stir mailing list
> stir@ietf.org
> https://www.ietf.org/mailman/listinfo/stir

v2.23.0 | Report a Bug | By Email