Re: [stir] Review of: draft-ietf-stir-passport-05
Eric Rescorla <ekr@rtfm.com> Sun, 28 August 2016 16:21 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7514F12B018 for <stir@ietfa.amsl.com>; Sun, 28 Aug 2016 09:21:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Sxtw_5Db8D0d for <stir@ietfa.amsl.com>; Sun, 28 Aug 2016 09:21:51 -0700 (PDT)
Received: from mail-yw0-x22d.google.com (mail-yw0-x22d.google.com [IPv6:2607:f8b0:4002:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3999E12B012 for <stir@ietf.org>; Sun, 28 Aug 2016 09:21:51 -0700 (PDT)
Received: by mail-yw0-x22d.google.com with SMTP id j12so74220699ywb.2 for <stir@ietf.org>; Sun, 28 Aug 2016 09:21:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=UMm0CBWp1iBVeBXMEVpJDAw2wWzoa3or/BmhmDomCbM=; b=NGY3h2egMcunDsCeU1re8u/WoBEUrzW8RkkeKa6Xks/aRmdl2hA7+uYPv6B27QUSA4 z46g/ivycRhpPJJSsz+r+AtWsQkx4tsOwvf1rz5OfxF4tibuDHYmUHtEkIIFSgKGbU7L uyyWCiScpJePQCngC9nGxBqDZFtuWpUqgd+uTfnm/g8sg2Rzbs3eJb/SE9i+ngMBBCrc awBFwG45GWhfUU7TjleycEXQtho8Sqf+uzFGycqY7SHXMn78M3wIZjUOYTNjxd8wcfo3 dTE+eZ8/D/x42BVhXW89hvNamUpdPY0Rq7LlPzyJDeqS//hC2ANhbbSNAmrgarLp7PZD mtxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=UMm0CBWp1iBVeBXMEVpJDAw2wWzoa3or/BmhmDomCbM=; b=WZDEp0evsss81j6b07VZlRWzQvTI+yWemLyd6q6bng/pKxAxCzgeVvUAm9rK2Fs/my PqY/4ZOp98eDTCw0tsZres1HAwlfu8znxjK6OkYz+dNE7DGst76emvasrvjgxrazESCR VJSt8VwhAWTxp2/lfUqP0aRoS/WNrC1QvtKzoXrbkH8c/agUPAruGsa0dxmg7qa9B2p3 efpXk9/XLQLUg8ngSwwhybldrEmvjlVDI5v0eedl8cEU/ggMoFp1z5vgZH0/eUqbVIbH Adde6qkArFdHGrLpjh8IqZMHGfAZx20EOefQmzi2lMQbM8Giv4hj5v+T00tkwgTiFyLo ++Vg==
X-Gm-Message-State: AE9vXwPpFaaZB3HEg6pt80dA25PdsAX0ytJ9+YFY6HH4u8yOolWRQNNqjqSgwD9gfNBa6jDe4dl4XlskJYuKCg==
X-Received: by 10.129.39.200 with SMTP id n191mr12384892ywn.16.1472401310458; Sun, 28 Aug 2016 09:21:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.48.193 with HTTP; Sun, 28 Aug 2016 09:21:09 -0700 (PDT)
In-Reply-To: <00C069FD01E0324C9FFCADF539701DB3BCBC0E72@sc9-ex2k10mb1.corp.yaanatech.com>
References: <07e0eb16-6758-cdf1-c571-1f1ed768e741@dcrocker.net> <67A1F75C-DAA9-4E84-8C70-9A392A90FF6F@chriswendt.net> <8fd2cf67-5241-039a-e3a4-a9ad0928023a@dcrocker.net> <CABcZeBOYQG5JSRqDgnUCS66co1GjEE7pWf14qxJQWCOtqW+cwQ@mail.gmail.com> <1c29f054-5b26-5327-b6bc-4f1ebfdcb8f2@bbiw.net> <CABcZeBMX41i2P5ccFQkOYjUrSxkkk-M_6P=UR54q4_WhUsXBrQ@mail.gmail.com> <ee7666f3-4b29-0fb3-0372-e296c0eefafe@dcrocker.net> <CABcZeBMuc49WDgcATDzw1JNJGGF_hOnc2qcRODsLBFLmf8cMWQ@mail.gmail.com> <00C069FD01E0324C9FFCADF539701DB3BCBC0E72@sc9-ex2k10mb1.corp.yaanatech.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 28 Aug 2016 09:21:09 -0700
Message-ID: <CABcZeBNYpjhcav25W8RObB27NZ1GKuA8MZPG3SRLrdrfVL5p9w@mail.gmail.com>
To: Michael Hammer <michael.hammer@yaanatech.com>
Content-Type: multipart/alternative; boundary="001a1141826a13d23c053b2425d9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/NL3Ld07MZIhRFVO4InScG80d0KI>
Cc: "chris-ietf@chriswendt.net" <chris-ietf@chriswendt.net>, "dcrocker@bbiw.net" <dcrocker@bbiw.net>, "stir@ietf.org" <stir@ietf.org>
Subject: Re: [stir] Review of: draft-ietf-stir-passport-05
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Aug 2016 16:21:53 -0000
On Sun, Aug 28, 2016 at 8:41 AM, Michael Hammer < michael.hammer@yaanatech.com> wrote: > Ummm…. > > > > If any signature can be repudiated by the sender, > > then how do you apply any consequences for bad behavior? > > Any caller could just say, it wasn’t me and they are off the hook? > I don't think I said that. It certainly wasn't what I meant. > > > Isn’t the consequence tree: > > - Not signed: customer may not answer or caveat emptor > > - Signed, robocall: crackdown > > - Signed, normal call: good to go? > > > > I assume that a signed call that has faulty credentials, > > e.g. bad timestamp, unknown signer, could get filtered out. > > But, that gets into carrier policy that can’t be standardized. > Yes, this is correct. -Ekr > *________________________________* > > *Michael Hammer* > > michael.hammer@yaanatech.com > > +1 408 202 9291 > > > © 2016 Yaana Technologies, LLC. All Rights Reserved. Email confidentiality > notice. This message is private and confidential. If you have received this > message in error, please notify us and remove it from your system. > > > > *From:* stir [mailto:stir-bounces@ietf.org] *On Behalf Of *Eric Rescorla > *Sent:* Saturday, August 27, 2016 9:54 PM > *To:* Dave Crocker <dcrocker@bbiw.net> > *Cc:* Chris Wendt <chris-ietf@chriswendt.net>; stir@ietf.org > *Subject:* Re: [stir] Review of: draft-ietf-stir-passport-05 > > > > > > > > On Sat, Aug 27, 2016 at 6:46 PM, Dave Crocker <dhc@dcrocker.net> wrote: > > On 8/27/2016 5:19 PM, Eric Rescorla wrote: > > And I believe that was my original guess, although my very limited > understanding of non-repudiation includes the significant burden of > having the timestamp, itself, be validated by an independent > authority. Otherwise, the signer could claim any time they want to... > > > That doesn't seem correct to me, at least if "independent" means someone > other than the relying party. The signature is itself a proof attaching > the signer's private key to the passport and to a claim by the signer > about the passport object's assertions being valid at the time in the > timestamp. If the relying party checks the timestamp and rejects it if > it has a bogus timestamp, then any acceptable passport will be > relatively fresh and thus will be usable as a proof of the signer's > representation at the relevant time. Overall, this seems less important > than the freshness property wrt authentication, but it's still a > technical property. > > > > This sounds pretty much the same as authentication. > > While the verifier might decide that the timestamp is ok, if the > verification is close enough in time to that claimed occurrence, it does > nothing for being able to prove the timing to a third-party, /later/. > > > > Well, what you can prove (at any time in the future) is that the signer > claimed that a given thing was true at (what it claimed was) a given time. > You can prove this to a third party. > > > > This isn't a necessary property of authentication. For instance, the > relying party could share a key with the passport generator and the > passport could be secured with a MAC. > > > > > > And that's the environment I'm used to hearing about needing > 'non-repudiation' for. > > In that case, the timestamp needs to have validation that is independent > of the signer. What I'm used to hearing, for that, is that an independent > timestamp service does a kind of notary signature on the original signer's > stuff, including the timestamp. > > > > I'm not sure why you think non-repudiation needs a notary signature. > That's not generally the case, as indicated above, and even if you do have > a timestamping service, all it can prove is that the signature was > generated *prior* to a given time, not at a given time. > > > > > > Anyhow, all of seems to go beyond STIR's needs, suggesting that it would > be best to remove use of the term? > > > > Yes, I think that would be fine. > > > > > > d/ > > -- > > Dave Crocker > Brandenburg InternetWorking > bbiw.net > > > > _______________________________________________ > stir mailing list > stir@ietf.org > https://www.ietf.org/mailman/listinfo/stir > >
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Paul Kyzivat
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force Tony Rutkowski
- [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Setting Direction for the STIR WG Last… Christer Holmberg
- Re: [stir] Setting Direction for the STIR WG Last… Russ Housley
- Re: [stir] Setting Direction for the STIR WG Last… Russ Housley
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… DOLLY, MARTIN C
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… Tony Rutkowski
- Re: [stir] Setting Direction for the STIR WG Last… Brian Rosen
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… Brian Rosen
- [stir] Setting Direction for the STIR WG Last Call Russ Housley
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Richard Shockey
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Paul Kyzivat
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- [stir] JWT/JSON (was - Re: Review of: draft-ietf-… Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Christer Holmberg
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Review of: draft-ietf-stir-passport-05 Christer Holmberg
- Re: [stir] Review of: draft-ietf-stir-passport-05 Richard Shockey
- Re: [stir] Review of: draft-ietf-stir-passport-05 Victor Pascual
- Re: [stir] Review of: draft-ietf-stir-passport-05 Christer Holmberg
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Peterson, Jon
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Richard Shockey
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Burger
- [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Robocall Strike Force Dave Crocker
- Re: [stir] Robocall Strike Force Dave Crocker
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force Tony Rutkowski
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] Robocall Strike Force Richard Shockey
- Re: [stir] Robocall Strike Force Paul Kyzivat
- Re: [stir] Robocall Strike Force DOLLY, MARTIN C
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Eric Rescorla
- Re: [stir] Setting Direction for the STIR WG Last… Russ Housley
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] Setting Direction for the STIR WG Last… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Eric Rescorla
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Dave Crocker
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Peterson, Jon
- Re: [stir] JWT/JSON (was - Re: Review of: draft-i… Christer Holmberg
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Michael Hammer
- Re: [stir] Review of: draft-ietf-stir-passport-05 Eric Rescorla
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt
- Re: [stir] Review of: draft-ietf-stir-passport-05 Alex Bobotek
- Re: [stir] Review of: draft-ietf-stir-passport-05 Stephen Farrell
- Re: [stir] Review of: draft-ietf-stir-passport-05 Dave Crocker
- Re: [stir] Review of: draft-ietf-stir-passport-05 Chris Wendt