Re: [Uta] New I-D on VC and TLS

Henk Birkholz <henk.birkholz@ietf.contact> Tue, 20 February 2024 13:33 UTC

Message-ID: <ffe5955f-0939-f3e3-afdf-f7e1e62b4c0d@ietf.contact>
Date: Tue, 20 Feb 2024 14:33:18 +0100
To: Orie Steele <orie@transmute.industries>, Andrea Vesco <andrea.vesco@linksfoundation.com>
Cc: "Yanlei(Ray)" <ray.yanlei@huawei.com>, "uta@ietf.org" <uta@ietf.org>
References: <D3F7994C-B82F-4890-8EB0-0BBBE3D7D608@linksfoundation.com> <e0a27c12cc1d456c9194a1dc3ea85513@huawei.com> <D4E6E6A5-0192-4C45-B8B0-204C03F2E41B@linksfoundation.com> <CAN8C-_KSJ_Cu1RiiRP67KFAm1JpPG4ntaKZJhYRF2-G28ZMuKg@mail.gmail.com>
From: Henk Birkholz <henk.birkholz@ietf.contact>
In-Reply-To: <CAN8C-_KSJ_Cu1RiiRP67KFAm1JpPG4ntaKZJhYRF2-G28ZMuKg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/VgAU8LdwjKd4ozrD9pTvdw9Ux28>
Subject: Re: [Uta] New I-D on VC and TLS

Hi UTA list,

I rarely post here, but I would like to offer a very individual opinion for 
once. Please feel free to ignore.

If you inherit JSON-LD (as part of VC) from W3C, then... why bother? Web 
Token Claims in the IETF and JSON-LD fragments in the W3C are a clear 
demarcation line between the work of the two SDOs, currently.


Kind regards,

Henk

On 20.02.24 14:25, Orie Steele wrote:
> Chair hat off,
> 
> I'm not sure if authors will agree with this characterization, but I 
> will give it anyway, and authors can correct me:
> 
> Why use VCs?
> Because of the CBOR toolchain.
> You should comment on whether the payload is JSON-LD; if it is, then you lose 
> most of the value of CBOR in my view.
> 
> Why use DIDs?
> Alternative PKI, similar to "let's encrypt" or a private PKI...
> 
> More of the interesting part comes from "properties of different PKIs", 
> which translate to "properties of DID Methods" in this document.
> It's worth being upfront about the energy cost / censorship trade-offs 
> for the different possible solutions here.
> 
> There is also a phenomenon in "blockchain (aka verifiable data 
> registry)" where infrastructure can be single use or multi-use.
> 
> In the case that a specific ledger is used for payments, it can also be 
> used for key distribution, or routing, for example: 
> https://datatracker.ietf.org/doc/draft-mcbride-rtgwg-bgp-blockchain/
> 
> Of course this draft is not about payments or routing, but it is about 
> key distribution and TLS, and delivering those capabilities alongside 
> places that might already rely on a specific technology for routing or 
> payments... at least that is how I see it :)
> 
> Regards,
> 
> OS
> 
> On Tue, Feb 20, 2024 at 2:51 AM Andrea Vesco 
> <andrea.vesco@linksfoundation.com 
> <mailto:andrea.vesco@linksfoundation.com>> wrote:
> 
>     Thanks for the comment. The I-D describes how to add VCs as a
>     certificate type in TLS while maintaining the interoperability with
>     other certificates. The aim is to move SSI-based authentication from
>     the application layer down to TLS without changing the way SSI and
>     TLS work. The SSI model (based on the use of VC [0] and DIDs [1])
>     specifies the use of DLT (or more generally Verifiable Data
>     Registry) to store and retrieve public keys. We will clarify this
>     point in the abstract and introduction of the next version.
> 
>     Andrea Vesco
> 
>     [0] https://www.w3.org/TR/vc-data-model-2.0/
>     [1] https://www.w3.org/TR/did-core/
> 
> 
>      > On 19 Feb 2024, at 13:40, Yanlei(Ray) <ray.yanlei@huawei.com
>     <mailto:ray.yanlei@huawei.com>> wrote:
>      >
>      > The motivation for your design needs to be described in the draft.
>      > Why do you want to put the public key in the distributed ledger?
>      >
>      > Lei YAN
>      >
>      > -----Original Message-----
>      > From: Uta <uta-bounces@ietf.org <mailto:uta-bounces@ietf.org>> On
>     Behalf Of Andrea Vesco
>      > Sent: Monday, February 19, 2024 4:57 PM
>      > To: uta@ietf.org <mailto:uta@ietf.org>
>      > Subject: [Uta] New I-D on VC and TLS
>      >
>      > L.Perugini and I have written an I-D on the use of Verifiable
>     Credential (VC) as a new means of authentication in TLS.  We think
>     it might be of interest and in the scope of the UTA WG.
>      >
>      > Could you please give us your opinion?
>      >
>      > Draft
>      > Datatracker
>     https://datatracker.ietf.org/doc/draft-vesco-vcauthtls/
>      > Github
>     https://github.com/Cybersecurity-LINKS/draft-vesco-vcauthtls
>      >
>      > Kind Regards,
>      > Andrea Vesco
>      > _______________________________________________
>      > Uta mailing list
>      > Uta@ietf.org <mailto:Uta@ietf.org>
>      > https://www.ietf.org/mailman/listinfo/uta
> 
>     _______________________________________________
>     Uta mailing list
>     Uta@ietf.org <mailto:Uta@ietf.org>
>     https://www.ietf.org/mailman/listinfo/uta
> 
> 
> 
> -- 
> 
> 
> ORIE STEELE
> Chief Technology Officer
> www.transmute.industries
>