Re: [Drip] Claims, Attestations, and Certificates
Robert Moskowitz <rgm@labs.htt-consult.com> Sun, 22 November 2020 03:20 UTC
Return-Path: <rgm@labs.htt-consult.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42FE23A0DAE for <tm-rid@ietfa.amsl.com>; Sat, 21 Nov 2020 19:20:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XynzhNA4AkFT for <tm-rid@ietfa.amsl.com>; Sat, 21 Nov 2020 19:20:41 -0800 (PST)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5FA4A3A0DAD for <tm-rid@ietf.org>; Sat, 21 Nov 2020 19:20:41 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id 9EF36626D6 for <tm-rid@ietf.org>; Sat, 21 Nov 2020 22:20:39 -0500 (EST)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id u7NOoKzKHH4I for <tm-rid@ietf.org>; Sat, 21 Nov 2020 22:20:32 -0500 (EST)
Received: from lx140e.htt-consult.com (unknown [192.168.160.29]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id EB3AB626AF for <tm-rid@ietf.org>; Sat, 21 Nov 2020 22:20:31 -0500 (EST)
From: Robert Moskowitz <rgm@labs.htt-consult.com>
To: "tm-rid@ietf.org" <tm-rid@ietf.org>
References: <a8365015-d304-05dc-874e-2e1ef28257ed@labs.htt-consult.com> <c21b29d7-d6d2-ad21-7290-3f8e0865f2fd@labs.htt-consult.com>
Message-ID: <13f19a4c-8867-a7e9-69e1-3e1b58a587be@labs.htt-consult.com>
Date: Sat, 21 Nov 2020 22:20:23 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.4.0
MIME-Version: 1.0
In-Reply-To: <c21b29d7-d6d2-ad21-7290-3f8e0865f2fd@labs.htt-consult.com>
Content-Type: multipart/alternative; boundary="------------A4D3943F8225FD65C304D801"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/zDhxKUtJppZpaRDKiEidD5t9zXA>
Subject: Re: [Drip] Claims, Attestations, and Certificates
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Drone Remote Identification Protocol <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Nov 2020 03:20:43 -0000
oops oops!
Responded to the wrong email.
Please ignore this message for probably a day or two...
On 11/21/20 7:15 PM, Robert Moskowitz wrote:
> OOPS!!!
>
> 7250 says:
>
>
> opaque ASN.1Cert<1..2^24-1>;
>
> struct {
> select(certificate_type){
>
> // certificate type defined in this document.
> case RawPublicKey:
> opaque ASN.1_subjectPublicKeyInfo<1..2^24-1>;
>
> // X.509 certificate defined in RFC 5246
> case X.509:
> ASN.1Cert certificate_list<0..2^24-1>;
>
> // Additional certificate type based on
> // "TLS Certificate Types" subregistry
> };
> } Certificate;
>
>
> so that is the HI, not the HIT.
>
> Thus either need to update 7250, stick with the X.509 form of the
> RAA|HDA, HHIT, HI certificate, or create something new for DTLS to use
> HHIT|HI.
>
> Opinions?
>
>
>
> On 11/18/20 4:10 PM, Robert Moskowitz wrote:
>> This is more on the CAC subject after lots of thoughts about who is
>> on 1st.
>>
>> A HHIT is a Claim.
>>
>> The entity putting forward the HHIT is making a statement, without
>> proof that there is a HI registered to the RAA|HDA and the hash
>> component of the HHIT is derived from all the appropriate information
>> following the ORCHID function.
>>
>> The Self-Attestation is an Attestation/Claim of HI ownership.
>>
>> Through the signature process, the entity putting forward the
>> Self-Attestation is proving ownership of a keypair. Validation of
>> this proof does require obtaining the HI; it is CLAIMED that the
>> RAA|HDA in the HHIT can provide the HI needed for the proof.
>>
>> The Offline-Attestation is a full Attestation of all facts.
>>
>> The 'internal' HDA Attestation of HI registration with the HDA is
>> just an Attestation, not a Certificate (see below). The 'outer'
>> envelope is an Attestation of owning the HI registered and signing.
>>
>> Finally, why an Attestation and not a Certificate?
>>
>> In my view, a Certification of Registration would contain more
>> information than currently in the HDA HI registration Attestation.
>> Minimally it should have a registration date and end of registration
>> period date. Probably more, but this is sufficient to place it as an
>> Attestation, not a Certificate.
>>
>> Thus the terminology I have used in draft-ietf-drip-rid.
>>
>> Next we can talk about all the objects in the claims draft....
>>
>> Fun stuff!
>>
>> Bob
>>
>
--
Standard Robert Moskowitz
Owner
HTT Consulting
C:248-219-2059
F:248-968-2824
E:rgm@labs.htt-consult.com
There's no limit to what can be accomplished if it doesn't matter who
gets the credit
- [Drip] Claims, Attestations, and Certificates Robert Moskowitz
- Re: [Drip] Claims, Attestations, and Certificates Robert Moskowitz
- Re: [Drip] Claims, Attestations, and Certificates Robert Moskowitz