IETF Logo Mail Archive

Re: [TLS] Please discuss: draft-housley-evidence-extns-00 - use to

Martin Rex <martin.rex@sap.com> Thu, 11 January 2007 19:14 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1H55NX-0001hh-Ch; Thu, 11 Jan 2007 14:14:23 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1H55NW-0001ha-Id for tls@ietf.org; Thu, 11 Jan 2007 14:14:22 -0500
Received: from smtpde01.sap-ag.de ([155.56.68.171]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1H55NU-00074X-VF for tls@ietf.org; Thu, 11 Jan 2007 14:14:22 -0500
Received: from sap-ag.de (smtpde01) by smtpde01.sap-ag.de (out) with ESMTP id UAA07120; Thu, 11 Jan 2007 20:08:27 +0100 (MEZ)
From: Martin Rex <martin.rex@sap.com>
Message-Id: <200701111908.UAA01228@uw1048.wdf.sap.corp>
Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00 - use to
To: mark@redphonesecurity.com
Date: Thu, 11 Jan 2007 20:08:17 +0100
In-Reply-To: <015d01c735aa$8dc8d490$6801a8c0@rps.local> from "Mark Brown" at Jan 11, 7 12:01:38 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
X-SAP: out
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 21c69d3cfc2dd19218717dbe1d974352
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: martin.rex@sap.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Mark Brown wrote:
> 
>                                      I'm saying that it could be valuable to
> share metadata from one system to another, and TLS Evidence could be used to
> provide assurance for it.  For example, party A could create a purchase
> order for a system.  Party B could receive that purchase order and assemble
> the ordered system from parts.  Party B might share TLS Evidence together
> with party A's purchase order with suppliers C, D, E.  The suppliers might
> find value in being assured that the purchase order originated with A and
> has not been altered.

This example is full of flawed assumptions.

One the one hand, you keep on insisting that TLS Evidence is data
agnostic, meaning that it can at most verify signatures but has no
clue whatsoever about the data.  So any assurance is entirely
derived from assurance levels of the participating software on
either end combined with the policy tied to the signing certs
on the assumption these are only issued to highly assured software.


So the assurance level that you can get is at most as high as the
lowest assurance level of all of the software components involved
in the process on both communication peers.  Which means that
in theory you might get to EAL4, but you're unlikely to find
that in any real-world use.

TLS is a complex, expensive and completely unnecessary bell&whistle
that will result in massive collateral damage when used and
I haven't heard of any plausible usage scenario so far,
and I can not think of one either.


A well engineered approach would not use a shotgun approach to
security, but instead a tailored design that meets exactly
the needs of the application, can be used for programmatically
checking consistency an can create digital tamper-resistant
proofs of transactions that contain all and only the necessary
information that is necessary -- in which case it will be
possible make it conforming with individual, case-specific
legal and buisiness requirements.


-Martin

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email