IETF Logo Mail Archive

Re: [Drip] terminology: certificates & claims

"Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com> Mon, 02 November 2020 20:43 UTC

Return-Path: <adam.wiethuechter@axenterprize.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E382A3A1213 for <tm-rid@ietfa.amsl.com>; Mon, 2 Nov 2020 12:43:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=axenterprize.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G01eK3jRfEf0 for <tm-rid@ietfa.amsl.com>; Mon, 2 Nov 2020 12:43:38 -0800 (PST)
Received: from mail-vk1-xa2b.google.com (mail-vk1-xa2b.google.com [IPv6:2607:f8b0:4864:20::a2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 485C53A0E1A for <tm-rid@ietf.org>; Mon, 2 Nov 2020 12:43:38 -0800 (PST)
Received: by mail-vk1-xa2b.google.com with SMTP id u202so3239320vkb.4 for <tm-rid@ietf.org>; Mon, 02 Nov 2020 12:43:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axenterprize.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=B8iMx0Wwl0WtxWPvdC1qABdaf8M/mk1h0aLJrx+Tb/c=; b=FDg9LzEmLfmq9CGMRVkP8GSvTl6DuldnHLQksJEyzSsLQNAg78ZdQjp8aQmK2VHqAt rgLkOXO9M6xGSgBXuMyUP0tSdzQoNi9tcMefvonNblDC+oepuSsGo+Ks5yABkEZ03zmu Q398+MZFyV/1x2tOppqbs+mW8qjhZr1lOoK1E=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=B8iMx0Wwl0WtxWPvdC1qABdaf8M/mk1h0aLJrx+Tb/c=; b=Hj1GUxvYxz5shPAMNbKHt2YKapbFI76KoHQsmtTzf8oMcNjSR53LOUWZS8L2YgV877 f/YsLts/uqIvOdrMH06ri+ucyRo+zClstQBpECisMf4t3sH4g7Ut3iG4Fb8vw/kXJDPH Hyke7BtB8LQMemYk4Ii33UhRjDwX5x8cHtX2Fs6awuGwxYJQiYIHogLl0GBAbA9m+Xtt 3C9xZbhbu1XDWBCu5LCrZa5D98ZSt2nT1vVhSqQU4H7CoCczIUo5hg6Qyd+TGNaZfbeD DwwPeYdipAvVPX8GFDR3OWdJndZtR2S4PNL4cIP0C7xItIoMov21D5ljF6oxX1vqObVf WTiw==
X-Gm-Message-State: AOAM530/z9JRT1311mvEXK6MIxyPts0iRzSNgfFF0P74q/Sj17Iro7j3 UNm8uFGxgj3T2h9hnLuLwUx/vaz7OEWKqCp16U7L
X-Google-Smtp-Source: ABdhPJzh7YR0F4R8j/uzwCDhO88sIESIdeNBKiBxiugNjZxghKos+iL9eVW+cyg4ssrC0AdHn4cqGJ+rBW7r2g6cQUw=
X-Received: by 2002:a1f:2ed2:: with SMTP id u201mr14069563vku.7.1604349817194; Mon, 02 Nov 2020 12:43:37 -0800 (PST)
MIME-Version: 1.0
References: <17ef73c6-c340-f9eb-9e18-4eda77c01089@axenterprize.com> <30156.1603882625@localhost> <020601d6ad42$155a3b10$400eb130$@palage.com> <165d95c0-37f8-82e1-7063-758ecf3630c8@sit.fraunhofer.de> <022c01d6ad43$afa77650$0ef662f0$@palage.com> <CAKM0pYPu7STjneBYiVE9hn2XcDr71Fki6FnX6Yv09iLzDL5nPQ@mail.gmail.com>
In-Reply-To: <CAKM0pYPu7STjneBYiVE9hn2XcDr71Fki6FnX6Yv09iLzDL5nPQ@mail.gmail.com>
From: "Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com>
Date: Mon, 02 Nov 2020 15:43:25 -0500
Message-ID: <CA+r8TqXohAPg0peBTrNcur9MV9ijwkRyAxa9LZtxwwXjMJk0Uw@mail.gmail.com>
To: "Card, Stu" <stu.card@axenterprize.com>
Cc: Michael Palage <michael@palage.com>, Michael Richardson <mcr+ietf@sandelman.ca>, tm-rid@ietf.org, Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
Content-Type: multipart/alternative; boundary="000000000000f328ca05b325ccaa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/oJTGw0iOLS0U3piqGq8crgHsth8>
Subject: Re: [Drip] terminology: certificates & claims
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Drone Remote Identification Protocol <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Nov 2020 20:43:41 -0000

So if I have reread this a few times and attempted to map what was said
here to DRIP explicitly:

Claim: a predicate where an entity (say Bob) owns an identifier (an HHIT)
[aka: Bob owns HHIT]
Assertion: a set of 1 or more claims. An HHIT as an ID for UAS RID is an
assertion. It's an assertion of a unique hash (which happens to point to an
asymmetric keypair of which only Bob should have the private key), and it
belongs in a registry (specified by the bits of the HID).
Attestations: a signed assertion. For us this is when we use the private
key of an HHIT and sign stuff - at minimum the HHIT/HI pair, or between
different parties (Registry and Operator for example) to assert
relationships.
Certificates: a narrowed definition of identities being signed by a third
party.

Claims are weak here. "Bob owns HHIT". That doesn't stop me from saying
"Adam own HHIT". Hence an Attestation is used to officially bind Bob and
HHIT together. This is what I refer to in my drafts as Certificate: X on X.
Yes it is an attestation but more specifically its a Certificate (as it
fits the definition of Certificate I declared above).

When Bob wants to become a member of a registry he is ultimately going to
provide his Certificate (on himself) and get back another certificate:
mainly Certificate: Registry on Operator. Again this is an attestation; but
it might still fit in the Certificate definition (third-party signing
[Registry], only identities and their relationships being asserted).

An example of an Attestation would be the "Offline Claim" Bob has been
discussing recently (formerly known as Certificate: Registry on Aircraft).
It's actually a multi-layered assertion. First is that the Registry attests
that the HI/HHIT keypair is valid until an expiration time and that it
approves it (using its signature). Then during a flight the UA itself
further asserts that the Attestation made by the Registry is valid (until a
given time) by signing it.

Does this make sense to anyone else but me?

On Wed, Oct 28, 2020 at 1:23 PM Card, Stu <stu.card@axenterprize.com> wrote:

> I hate to chime in agreeing that anyone (myself or another) should do
> additional work, but if you have the cycles, it should be a useful
> reference for authors and editors.
>
>
> On Wed, Oct 28, 2020 at 12:02 PM <michael@palage.com> wrote:
>
>> Henk,
>>
>> Totally agree the matrix needs to be extended.  My original choice was
>> based upon some of the internal discussion within the medical community. I
>> just found out that the matrix helped steer the discussion and provided a
>> nice internal document for the engineers that were focused on standards and
>> the lawyers that were focused on national laws.
>>
>> If others see potential benefit, I would be open to adding a RFC4949
>> column and a DRIPs column.
>>
>> Best regards,
>>
>> Michael
>>
>> -----Original Message-----
>> From: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>
>> Sent: Wednesday, October 28, 2020 11:58 AM
>> To: michael@palage.com; 'Michael Richardson' <mcr+ietf@sandelman.ca>;
>> 'Stuart W. Card' <stu.card@axenterprize.com>; tm-rid@ietf.org
>> Subject: Re: [Drip] terminology: certificates & claims
>>
>> Hi Michael,
>>
>> a very preliminary observation:
>>
>> This table could definitely use an RFC4949 (or IETF, but that is way more
>> effort) column.
>>
>> Viele Grüße,
>>
>> Henk
>>
>> p.s. as a hint - Claim, Relying Party, and Verifier are used extensively
>> in the RATS WG:
>>
>>
>>
>> On 28.10.20 16:50, michael@palage.com wrote:
>> > Hello All,
>> >
>> > Attached is a document that I created in connection with some identity
>> work that I have been doing in the medical space. I created it because
>> there was confusion about certain definitional terms across different
>> standards and frameworks between the lawyers and the engineers.  I find
>> this matrix is an interesting cheat sheet to make sure that everyone is
>> operating from a common definitional framework.
>> >
>> > If the group finds any value I could expand the matrix to include some
>> of the DRIP definitional terms.
>> >
>> > Best regards,
>> >
>> > Michael
>> >
>> >
>> > -----Original Message-----
>> > From: Tm-rid <tm-rid-bounces@ietf.org> On Behalf Of Michael Richardson
>> > Sent: Wednesday, October 28, 2020 6:57 AM
>> > To: Stuart W. Card <stu.card@axenterprize.com>; tm-rid@ietf.org
>> > Subject: Re: [Drip] terminology: certificates & claims
>> >
>> >
>> > Stuart W. Card <stu.card@axenterprize.com> wrote:
>> >      > (3) Certificates consist of one or more claims, plus some
>> evidence supporting
>> >      > those claims, typically a signature of a trusted [third] party
>> attesting to
>> >      > the truth of the claims.
>> >
>> > What Carsten and Henk said.
>> > I haven't seen
>> >    "evidence supporting those claims"
>> >
>> > in any actual (PKIX) certificates.  The point of the third party is
>> usually that it provides the service of evaluating the evidence, and this
>> has, until
>> > RFC8555 (ACME) been completely non-standard as to process.
>> >
>> >      > Carsten? Michael? Anyone? Thanks!
>> >
>> > Remember that it works best if you say our name three times in front of
>> the bathroom mirror.  :-)
>> >
>> > --
>> > Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT
>> consulting )
>> >             Sandelman Software Works Inc, Ottawa and Worldwide
>> >
>> >
>> >
>> >
>> >
>>
>> --
> Tm-rid mailing list
> Tm-rid@ietf.org
> https://www.ietf.org/mailman/listinfo/tm-rid
>


-- 
73's,
Adam T. Wiethuechter
AX Enterprize, LLC

v2.23.0 | Report a Bug | By Email