Re: [TLS] Please discuss: draft-housley-evidence-extns-00<

[Martin Rex <martin.rex@sap.com>]

Benjamin Black wrote:
>
> Martin Rex wrote:
> > So an application-level approach should not only standardize the
> > tagging of to-be-signed content, it should actually provide two
> > seperate tags resulting in two independent signatures, one
> > over all the data that ought to be authenticated during
> > processing of the transaction and one signature over only
> > the data that is to (and legally permitted to be) persisted.
> 
> sounds like a job for ws-*, not tls.

XML/XMLsig is probably OK.

WS-Security (SOAP,SAML) - better not.


There appears to be a serious misconception about what value
"assurance" and "assurance levels" could provide to the business
world.  In many areas it is not only painful and entirely useless,
it is even counter-productive in providing a false sense of security.

High assurance in software, hardware, policies and policy processing
is not going to improve accuracy and/or truth of the communicated
or stored information or communication.  And digital signatures
blindly applied to arbitarary collections of data are a real problem
for fixing or deleting inaccurate or untrue information.

Appropriately engineered cryptographic integrity protection for
data (in transit AND at rest) to provide resistance to tampering
is perfectly sufficient.

Businesses are collecting and producing data in the multi-megabyte
per day range.  9 years ago, the largest database among our
customers was 700 Gigabytes.  I don't know what is common today,
but I assume that several have long crossed the Terabyte mark.

So it is a sad fact that a lot of inaccurate information is processed
and stored by businesses every day, and applying digital signatures
on raw communication data will hardly have any benefits for the
businesses, but TLS Evidence will come at a cost and
create a significant performance impact (latency).

I mentioned it before, for Online shopping it will be pretty useless.
See
      http://www.heise.de/newsticker/meldung/83574

(sorry, it's all German).  Amazon had put up Sony&IBM laptops at less
than EUR 20 in their online shop and of course, several customers
ordererd them.  This is why businesses make sure that such offers
are not binding, because error like these happen every once in
a while.  This illustrate just what a stupid idea TLS Evidence would
be in these scenarios.



Maybe the President could claim that he received [EAL6] assured evidence
from intelligence that Saddam was working on nuclear WMD without
actually lying.  He probably is using highly assured equipment and
is communicating over highly assured communication links only.
Highly assured equipment higly assures that garbage in will
result in highly assured and expensive garbage out.


I also think that trying to provide any level of "non-repudiation"
on content (especially raw content) is just the opposite of where
everyone should be going.

Many US supermarkets have had a customer friendly return policy
for many years.  In Germany we didn't have it for quite a long time,
it came up a few years ago.  For online&telephone shopping, a very
customer-friendly return policy was enacted as law just 3/4 years ago.
Today, we usually do not have disputes about the content of an order
that was placed, but rather about characteristics or quality of the
product, inaccuracies of the advertisement and intend of the customer
placing the order.


-Martin

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls