[T2TRG] Laws of Identity and idevid-considerations
Michael Richardson <mcr+ietf@sandelman.ca> Thu, 27 August 2020 20:38 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: t2trg@ietfa.amsl.com
Delivered-To: t2trg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4637E3A12DB for <t2trg@ietfa.amsl.com>; Thu, 27 Aug 2020 13:38:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YoUh-BKnSsTu for <t2trg@ietfa.amsl.com>; Thu, 27 Aug 2020 13:38:56 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4EA5C3A12DA for <t2trg@irtf.org>; Thu, 27 Aug 2020 13:38:56 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id CBE80389CC; Thu, 27 Aug 2020 16:17:55 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 4H_ot0OByYZH; Thu, 27 Aug 2020 16:17:52 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 3E323389B5; Thu, 27 Aug 2020 16:17:52 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 2C7954D7; Thu, 27 Aug 2020 16:38:50 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Carsten Bormann <cabo@tzi.org>, t2trg@irtf.org
In-Reply-To: <95FFAF54-2B2F-4210-8D58-DEC19CD46716@tzi.org>
References: <47C264DC-D59D-49E8-B087-BAF0E23527DD@ericsson.com> <17177.1596684898@localhost> <4597f6de-6ae7-56ff-1c47-f7edf658a727@sandelman.ca> <95FFAF54-2B2F-4210-8D58-DEC19CD46716@tzi.org>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 27 Aug 2020 16:38:50 -0400
Message-ID: <6860.1598560730@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/vMnuPQjrZhHLOz_s2HMb1VIIegE>
Subject: [T2TRG] Laws of Identity and idevid-considerations
X-BeenThere: t2trg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IRTF Thing-to-Thing Research Group <t2trg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/t2trg>, <mailto:t2trg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/t2trg/>
List-Post: <mailto:t2trg@irtf.org>
List-Help: <mailto:t2trg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/t2trg>, <mailto:t2trg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Aug 2020 20:38:58 -0000
Carsten Bormann <cabo@tzi.org> wrote: > I have sent a zillion editorial comments (yes, starting from > “toxonomy”) to the authors; I really recommend reading the document as > soon as they are addressed. Now addresses: Title: A Taxonomy of operational security of manufacturer installed keys and anchors Document date: 2020-08-27 Group: Individual Submission Pages: 25 URL: https://www.ietf.org/internet-drafts/draft-richardson-t2trg-idevid-considerations-01.txt Status: https://datatracker.ietf.org/doc/draft-richardson-t2trg-idevid-considerations/ Htmlized: https://tools.ietf.org/html/draft-richardson-t2trg-idevid-considerations-01 Htmlized: https://datatracker.ietf.org/doc/html/draft-richardson-t2trg-idevid-considerations Diff: https://www.ietf.org/rfcdiff?url2=draft-richardson-t2trg-idevid-considerations-01 > It is amazing that even this document occasionally falls into the trap > of using the same term for a public key/certificate and a key pair (or > even the attribute that is proven by demonstrating the possession of > that key pair). That is easy to do because they work in step/in > harmony, but we do need to fix our language here. Yes, I agree. I like the symmetry that the things in the device are either roots of trust (a term from remote attestion), or trust anchors. Roots of Trust imply a keypair in the device. Trust Anchors are just the public part, embued with some authorization. Whether the Trust Anchor anchors an entire hierachy of PKI or not is one of the questions that needs to be evaluated. Meanwhile, on the factory/facility side, there are also keypairs that are part of the PKI, or not. I would love to give each some distinct term, even though mathematically, they are exactly identical. > I think that the questions in Section 6 are good ones, but sometimes I > feel that more fundamental questions are struggling to come to the > light here. Can we find them? I agree, there may be more fundamental things to ask, but they might also be too specific, and the general question can elicit a variety of different kinds of answers. > The document discusses the issue of “justified parties” for the > manufacturing process, but not for the PKI side. Maybe we can expand > on that, too. Carsten Bormann <cabo@tzi.org> wrote: > On 2020-08-25, at 02:27, Carsten Bormann <cabo@tzi.org> wrote: >> >> “justified parties” > … and I meant Kim Cameron’s “justifiable parties” [1], but not just in > Cameron’s sense (avoiding disclosure), but more importantly in the > sense of avoiding the need for trusting yet another party: > Trust is a liability for the entity being trusted, and that liability > will cost you dearly in one or another way (or in both). > Grüße, Carsten > [1]: https://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf > [is there really no better reference out there?] I had not read this before, and I read through it, and like it. How did I miss this before? Cameron started blogging again this year, btw. To think that it is 15 years old, and we have so little progress here. Cameron gives the example that while people were happy to use Passport to interact with MSN site, they found they didn't want to use Passport to interact with non-MSN sites. We see today this in some people's justified reluctance to Login-With Google/Facebook/Github/etc. vs having yet another poorly chosen password to remember and recover. I'm not entirely certain I understand your comments above. I think that I should link to some of the Laws in the document, but I'm not sure how yet. Tell me how do I discuss the issue of justified parties? Is it in section 4.1.2 (how keys are generated)? Or am I misunderstanding? I can see that end users may wish to not involve the manufacturer when authenticating the device via it's IDevID. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [T2TRG] idevid-considerations at -- SecDispatch/I… Michael Richardson
- Re: [T2TRG] idevid-considerations at -- SecDispat… Michael Richardson
- Re: [T2TRG] idevid-considerations at -- SecDispat… Carsten Bormann
- Re: [T2TRG] idevid-considerations at -- SecDispat… Carsten Bormann
- [T2TRG] Laws of Identity and idevid-considerations Michael Richardson