Re: [TLS] I-D on TLS authentication with VC

Andrea Vesco <andrea.vesco@linksfoundation.com> Mon, 08 April 2024 09:56 UTC

From: Andrea Vesco <andrea.vesco@linksfoundation.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Achim Kraus <achimkraus@gmx.net>
CC: "tls@ietf.org" <tls@ietf.org>
Thread-Topic: [TLS] I-D on TLS authentication with VC
Date: Mon, 08 Apr 2024 09:56:02 +0000
Message-ID: <9EE8068D-80D7-4F71-B4D7-66CCB93B55FF@linksfoundation.com>
References: <F515427B-EE5A-4514-9787-8BB3F95FC380@linksfoundation.com> <7d194dc8-65b0-4df5-9ef0-410a38af9e1e@cs.tcd.ie> <70c9b9ff-14fa-4b2f-8d90-2b1a0f1ebf15@gmx.net> <f183ba4b-6876-4cfc-bb66-4b6894e43fd8@cs.tcd.ie> <4ea87346-efa2-46c2-8b00-5cf958f841f4@gmx.net>
In-Reply-To: <4ea87346-efa2-46c2-8b00-5cf958f841f4@gmx.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/UwJEqIjwfguWAr1H9Zb7COlGpPA>

Hi Stephen, Hi Achim, thanks for your comments. 

> I think what is more in question is the comparison
> of the new certificate type with the two currently used ones (X.509 and
> Raw Public Key). Reading your link, my first impression is that this
> is pretty similar to X.509 but in JSON. So talking about "only option"
> seems to be a little overdone.

In our opinion, the difference between VC and X.509 is not just a matter of format. In SSI, the identity consists of the key pair, the DID, and the VC. The first two components are under the control of the endpoint, so it can (i) update/rotate its key pair without having to update the VC, and (ii) immediately revoke its DID on the ledger if the keys are compromised. 

> The "privacy problem" may disappear if the DLT is
> part of that "IoT deployment" and is not considered
> as an external component. Anyway, it's the proposal
> of others, so it's also their mission to argue
> and convince others.

In general, DLTs allow participants to deploy and run their own node and synchronize it with the public net. The node becomes the gateway to the distributed ledger, and it can be configured to only serve requests (i.e. DID resolution) that come from the IoT system. This option eliminates the need for the TLS endpoint in the IoT system to interact with a third-party public node and avoids the associated privacy issues.

Best Regards
Andrea
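The point Andrea makes about the split between key pair, DID and VC can be shown end to end in code. The following Go program is an added illustration, not code from the I-D, from the thread participants or from any DID method: it uses an in-memory map as a stand-in for the ledger, `did:example:*` identifiers as placeholders, Ed25519 from the Go standard library, and a deliberately simplified DID document that publishes only its current key. A verifier checks the issuer's signature on the VC, then resolves the subject DID and checks a fresh challenge signature against whatever key the ledger currently lists. Rotating the endpoint key on the ledger leaves the VC untouched and still accepted, the old key stops working, and deactivating the DID makes authentication fail even though the VC itself is still validly signed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// VerificationMethod is one public key listed in a DID document.
type VerificationMethod struct {
	ID        string
	PublicKey ed25519.PublicKey
}

// DIDDocument is what a DID resolves to. Simplification (assumption): only the
// current key is published; real DID methods may also retain historic keys.
type DIDDocument struct {
	ID          string
	Keys        []VerificationMethod
	Version     int
	Deactivated bool
}

// Ledger is a constructed in-memory stand-in for the DLT that holds DID documents.
type Ledger map[string]*DIDDocument

// Credential is a minimal VC: claims about a subject DID, signed with an issuer DID key.
// It names the subject by DID only, so it never has to change when the subject's key does.
type Credential struct {
	Issuer   string            `json:"issuer"`
	Subject  string            `json:"subject"`
	Claims   map[string]string `json:"claims"`
	IssuerVM string            `json:"issuerVM"` // verification method that signed it
	Proof    []byte            `json:"proof,omitempty"`
}

// Register creates a DID document with a first key.
func (l Ledger) Register(did string, pub ed25519.PublicKey) {
	l[did] = &DIDDocument{ID: did, Version: 1,
		Keys: []VerificationMethod{{ID: did + "#key-1", PublicKey: pub}}}
}

// Rotate replaces the key the DID publishes; the holder's VC is not involved.
func (l Ledger) Rotate(did string, pub ed25519.PublicKey) {
	doc := l[did]
	doc.Version++
	doc.Keys = []VerificationMethod{{ID: fmt.Sprintf("%s#key-%d", did, doc.Version), PublicKey: pub}}
}

// Deactivate marks the DID as revoked on the ledger, e.g. after a key compromise.
func (l Ledger) Deactivate(did string) { l[did].Deactivated = true }

// Resolve returns the current DID document, refusing unknown or deactivated DIDs.
func (l Ledger) Resolve(did string) (*DIDDocument, error) {
	doc, ok := l[did]
	if !ok {
		return nil, errors.New("unknown DID: " + did)
	}
	if doc.Deactivated {
		return nil, errors.New("DID deactivated: " + did)
	}
	return doc, nil
}

// signingInput canonicalises the credential without its proof; json.Marshal keeps
// struct field order and sorts map keys, so the bytes are deterministic.
func signingInput(c Credential) []byte {
	c.Proof = nil
	b, _ := json.Marshal(c)
	return b
}

// Issue signs a credential for subject with the issuer's private key.
func Issue(issuer, vmID string, priv ed25519.PrivateKey, subject string, claims map[string]string) Credential {
	c := Credential{Issuer: issuer, Subject: subject, Claims: claims, IssuerVM: vmID}
	c.Proof = ed25519.Sign(priv, signingInput(c))
	return c
}

// VerifyCredential resolves the issuer DID and checks the VC signature with the named key.
func VerifyCredential(l Ledger, c Credential) error {
	doc, err := l.Resolve(c.Issuer)
	if err != nil {
		return err
	}
	for _, k := range doc.Keys {
		if k.ID == c.IssuerVM {
			if ed25519.Verify(k.PublicKey, signingInput(c), c.Proof) {
				return nil
			}
			return errors.New("bad credential signature")
		}
	}
	return errors.New("issuer key " + c.IssuerVM + " not found in DID document")
}

// Authenticate models the verifier's side of a handshake: the peer presents its VC and a
// signature over a fresh challenge. The proof-of-possession key comes from resolving the
// subject DID on the ledger, never from the credential itself.
func Authenticate(l Ledger, c Credential, challenge, sig []byte) error {
	if err := VerifyCredential(l, c); err != nil {
		return err
	}
	doc, err := l.Resolve(c.Subject)
	if err != nil {
		return err
	}
	for _, k := range doc.Keys {
		if ed25519.Verify(k.PublicKey, challenge, sig) {
			return nil
		}
	}
	return errors.New("challenge signature matches no current key of " + c.Subject)
}

func main() {
	l := Ledger{}
	issPub, issPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	l.Register("did:example:issuer", issPub)
	l.Register("did:example:device1", devPub)
	vc := Issue("did:example:issuer", "did:example:issuer#key-1", issPriv,
		"did:example:device1", map[string]string{"role": "sensor"})
	challenge := []byte("constructed handshake nonce") // fresh per handshake in practice

	fmt.Println("initial key:           ", Authenticate(l, vc, challenge, ed25519.Sign(devPriv, challenge)))
	newPub, newPriv, _ := ed25519.GenerateKey(rand.Reader)
	l.Rotate("did:example:device1", newPub) // VC unchanged
	fmt.Println("after rotation, new key:", Authenticate(l, vc, challenge, ed25519.Sign(newPriv, challenge)))
	fmt.Println("after rotation, old key:", Authenticate(l, vc, challenge, ed25519.Sign(devPriv, challenge)))
	l.Deactivate("did:example:device1")
	fmt.Println("after deactivation:     ", Authenticate(l, vc, challenge, ed25519.Sign(newPriv, challenge)))
}
```

Two design points carry the argument from the thread. First, because the VC binds claims to the DID rather than to a key, `Rotate` never touches the credential, whereas an X.509 certificate embeds the public key and must be reissued. Second, `Resolve` is the choke point: pointing it at a node the IoT operator runs themselves, as the reply suggests, keeps resolution traffic inside the deployment, and a deactivated DID is rejected at that step regardless of how good the VC still looks. In this simplified model the issuer's own key rotation would drop `#key-1` and invalidate earlier VCs; a real DID method would keep the historic key resolvable, which is an assumption to check against whichever method is chosen.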