IETF Logo Mail Archive

Re: [stir] Review of: draft-ietf-stir-passport-05

Dave Crocker <dcrocker@bbiw.net> Sun, 28 August 2016 00:08 UTC

Return-Path: <dcrocker@bbiw.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0401912D1BC for <stir@ietfa.amsl.com>; Sat, 27 Aug 2016 17:08:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.209
X-Spam-Level:
X-Spam-Status: No, score=-1.209 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RDNS_NONE=0.793, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bbiw.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F6lpOOYjZcGu for <stir@ietfa.amsl.com>; Sat, 27 Aug 2016 17:07:59 -0700 (PDT)
Received: from simon.songbird.com (unknown [72.52.113.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7EDE112D198 for <stir@ietf.org>; Sat, 27 Aug 2016 17:07:59 -0700 (PDT)
Received: from [192.168.1.168] (76-218-8-128.lightspeed.sntcca.sbcglobal.net [76.218.8.128]) (authenticated bits=0) by simon.songbird.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id u7S08AHo001796 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NOT); Sat, 27 Aug 2016 17:08:10 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=bbiw.net; s=default; t=1472342891; bh=vbB4enISmvgSzLA4Tu8cn7QHCPGbHezSsCKa8ttV3P4=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=WuyA4apKNc4ZVpdDCmGdEppAGG3LkdbNWjQ95cP0LEQpqN9JQRjCGAJyK1n2M4ztk HDiaMp4tAWuclGzTd+4lA8P4KamNyBtRvbcHzLKaCHI+Jq1LubJ0raW9mHSU/wTo5l mIrQwJRlockr/XfxwFkxR1fveYF4s/4shpFjKlpA=
To: Eric Rescorla <ekr@rtfm.com>
References: <07e0eb16-6758-cdf1-c571-1f1ed768e741@dcrocker.net> <67A1F75C-DAA9-4E84-8C70-9A392A90FF6F@chriswendt.net> <8fd2cf67-5241-039a-e3a4-a9ad0928023a@dcrocker.net> <CABcZeBOYQG5JSRqDgnUCS66co1GjEE7pWf14qxJQWCOtqW+cwQ@mail.gmail.com>
From: Dave Crocker <dcrocker@bbiw.net>
Organization: Brandenburg InternetWorking
Message-ID: <1c29f054-5b26-5327-b6bc-4f1ebfdcb8f2@bbiw.net>
Date: Sat, 27 Aug 2016 17:07:32 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBOYQG5JSRqDgnUCS66co1GjEE7pWf14qxJQWCOtqW+cwQ@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/bvCgKbztblnn2SXiBNAfFQTSBo0>
Cc: Chris Wendt <chris-ietf@chriswendt.net>, "stir@ietf.org" <stir@ietf.org>
Subject: Re: [stir] Review of: draft-ietf-stir-passport-05
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 28 Aug 2016 00:08:00 -0000

On 8/27/2016 4:52 PM, Eric Rescorla wrote:
>
>
> On Sat, Aug 27, 2016 at 2:40 PM, Dave Crocker <dhc@dcrocker.net
> <mailto:dhc@dcrocker.net>> wrote:

>
>             Is the timestamp the basis of claiming non-repudiation?
>
>
>         Partially, depending on your interpretation of how
>         non-repudiation is
>         achieved.  The digital signature based on a certificate is the
>         non-repudiation of the original assertion and signing of the token.
>
>
>     That seems to equate authentication with non-reputation of
>     originator. But they aren't the same.
>
>
> Do you mean "non-repudiation" here? I ask because "reputation" is also a
> concept potentially in play here.

I'm using 'non-repudiation' because the spec uses that term.

If the spec really means 'reputation', that opens a different set of 
concerns, since nothing in any of the 3 documents has to do with 
reputation, per se.


> I think it would probably be fine to remove the term "non-repudiation"
> from this spec, since it only appears in the abstract. Generally, it's
> not that useful a concept for most security settings, especially when
> one starts to ask questions about the legal context.
>
> With that said, given that these tokens are signed by their creator and
> there is a timestamp to provide anti-replay, there is at least
> potentially an important technical property being provided here, which
> is that in the case where a passport creator signs a bogus passport, it
> is possible to demonstrate that it did so, which is not a property
> necessarily provided by authentication systems.

And I believe that was my original guess, although my very limited 
understanding of non-repudiation includes the significant burden of 
having the timestamp, itself, be validated by an independent authority. 
Otherwise, the signer could claim any time they want to...

d/


-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net

v2.23.0 | Report a Bug | By Email