Re: [stir] Review of: draft-ietf-stir-passport-05
Chris Wendt <chris-ietf@chriswendt.net> Mon, 29 August 2016 18:52 UTC
To: Dave Crocker <dcrocker@bbiw.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/OYf9rNbCKHq0hTHlPCYHfx8BVtA>
Cc: "stir@ietf.org" <stir@ietf.org>, Eric Rescorla <ekr@rtfm.com>

Agree, will remove term “non-repudiation”, discussed this in ATIS Task Force and came to realization that we are looking at the Passport representing purely an assertion of the identity and the signer is the party responsible for that assertion, and “buyer beware”.

> On Aug 27, 2016, at 8:07 PM, Dave Crocker <dcrocker@bbiw.net> wrote:
>
> On 8/27/2016 4:52 PM, Eric Rescorla wrote:
>>
>> On Sat, Aug 27, 2016 at 2:40 PM, Dave Crocker <dhc@dcrocker.net
>> <mailto:dhc@dcrocker.net>> wrote:
>
>>
>> Is the timestamp the basis of claiming non-repudiation?
>>
>> Partially, depending on your interpretation of how
>> non-repudiation is
>> achieved. The digital signature based on a certificate is the
>> non-repudiation of the original assertion and signing of the token.
>>
>> That seems to equate authentication with non-reputation of
>> originator. But they aren't the same.
>>
>> Do you mean "non-repudiation" here? I ask because "reputation" is also a
>> concept potentially in play here.
>
> I'm using 'non-repudiation' because the spec uses that term.
>
> If the spec really means 'reputation', that opens a different set of concerns, since nothing in any of the 3 documents has to do with reputation, per se.
>
>> I think it would probably be fine to remove the term "non-repudiation"
>> from this spec, since it only appears in the abstract. Generally, it's
>> not that useful a concept for most security settings, especially when
>> one starts to ask questions about the legal context.
>>
>> With that said, given that these tokens are signed by their creator and
>> there is a timestamp to provide anti-replay, there is at least
>> potentially an important technical property being provided here, which
>> is that in the case where a passport creator signs a bogus passport, it
>> is possible to demonstrate that it did so, which is not a property
>> necessarily provided by authentication systems.
>
> And I believe that was my original guess, although my very limited understanding of non-repudiation includes the significant burden of having the timestamp, itself, be validated by an independent authority. Otherwise, the signer could claim any time they want to...
>
> d/
>
> --
>
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net
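
The two properties discussed in this thread, shown separately in an added Go example (not code from the thread, the draft, or its authors): the signature check says who signed the token, while the freshness check only compares the verifier's clock with a timestamp the signer chose. The claim names (`orig`, `dest`, `iat`), the `passport` type and ES256 follow the published PASSporT format (RFC 8225); the key, telephone numbers, clock value and freshness window are constructed, and certificate lookup is omitted.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding
var Key, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed throwaway signer key

// Sign builds a compact ES256 token; iat is whatever value the signer asserts.
func Sign(k *ecdsa.PrivateKey, orig, dest string, iat int64) string {
	body := fmt.Sprintf(`{"dest":{"tn":["%s"]},"iat":%d,"orig":{"tn":"%s"}}`, dest, iat, orig)
	in := b64.EncodeToString([]byte(`{"alg":"ES256","typ":"passport"}`)) + "." + b64.EncodeToString([]byte(body))
	sum := sha256.Sum256([]byte(in))
	r, s, _ := ecdsa.Sign(rand.Reader, k, sum[:])
	sig := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...) // JWS r||s
	return in + "." + b64.EncodeToString(sig)
}

// Check reports two separate properties: sigOK (who signed) and fresh (iat in window).
func Check(pub *ecdsa.PublicKey, tok string, now time.Time, win time.Duration) (sigOK, fresh bool) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return false, false
	}
	sig, err := b64.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if err != nil || len(sig) != 64 || !ecdsa.Verify(pub, sum[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return false, false
	}
	var c struct{ Iat int64 }
	raw, _ := b64.DecodeString(p[1])
	json.Unmarshal(raw, &c) // on failure Iat stays 0, so the token reads as stale
	age := now.Sub(time.Unix(c.Iat, 0))
	return true, age >= -win && age <= win
}

func main() {
	tok := Sign(Key, "12025550100", "12025550101", 1472496000) // constructed numbers and time
	fmt.Println(Check(&Key.PublicKey, tok, time.Unix(1472496000, 0).Add(24*time.Hour), time.Minute))
}
```

A day after issue the token fails the freshness check and is rejected as a replay, yet its signature still verifies, so it remains evidence that the key holder signed those claims; nothing in the token independently attests to the `iat` value.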