Re: [Uta] New I-D on VC and TLS

Orie Steele <orie@transmute.industries> Tue, 20 February 2024 13:28 UTC

References: <D3F7994C-B82F-4890-8EB0-0BBBE3D7D608@linksfoundation.com> <e0a27c12cc1d456c9194a1dc3ea85513@huawei.com> <D4E6E6A5-0192-4C45-B8B0-204C03F2E41B@linksfoundation.com> <CAN8C-_KSJ_Cu1RiiRP67KFAm1JpPG4ntaKZJhYRF2-G28ZMuKg@mail.gmail.com>
In-Reply-To: <CAN8C-_KSJ_Cu1RiiRP67KFAm1JpPG4ntaKZJhYRF2-G28ZMuKg@mail.gmail.com>
From: Orie Steele <orie@transmute.industries>
Date: Tue, 20 Feb 2024 07:28:10 -0600
Message-ID: <CAN8C-_+2Z6moz6WVAiOCKrNA4G927PdREvZKS94wVo3LPGh3jw@mail.gmail.com>
To: Andrea Vesco <andrea.vesco@linksfoundation.com>
Cc: "Yanlei(Ray)" <ray.yanlei@huawei.com>, "uta@ietf.org" <uta@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/r0_m5dy5z0CZzM98yePTUzlQUeE>
Subject: Re: [Uta] New I-D on VC and TLS

Another comment: since you mention Verifiable Credentials, you may be
interested in following the SPICE WG chartering discussions on various lists:

- https://datatracker.ietf.org/group/spice/about/

OS

On Tue, Feb 20, 2024 at 7:25 AM Orie Steele <orie@transmute.industries>
wrote:

> Chair hat off,
>
> I'm not sure if authors will agree with this characterization, but I will
> give it anyway, and authors can correct me:
>
> Why use VCs?
> Because of the CBOR toolchain.
> You should comment on whether the payload is JSON-LD; if it is, then you lose
> most of the value of CBOR in my view.
>
> Why use DIDs?
> Alternative PKI, similar to "Let's Encrypt" or a private PKI...
>
> More of the interesting part comes from "properties of different PKIs",
> which translate to "properties of DID Methods" in this document.
> It's worth being upfront about the energy cost / censorship trade-offs for
> the different possible solutions here.
>
> There is also a phenomenon in "blockchain (aka verifiable data registry)"
> where infrastructure can be single use or multi-use.
>
> In the case that a specific ledger is used for payments, it can also be
> used for key distribution, or routing, for example:
> https://datatracker.ietf.org/doc/draft-mcbride-rtgwg-bgp-blockchain/
>
> Of course this draft is not about payments or routing, but it is about key
> distribution and TLS, and delivering those capabilities alongside places
> that might already rely on a specific technology for routing or payments...
> at least that is how I see it :)
>
> Regards,
>
> OS
>
> On Tue, Feb 20, 2024 at 2:51 AM Andrea Vesco <
> andrea.vesco@linksfoundation.com> wrote:
>
>> Thanks for the comment. The I-D describes how to add VCs as a certificate
>> type in TLS while maintaining interoperability with other certificates.
>> The aim is to move SSI-based authentication from the application layer down
>> to TLS without changing the way SSI and TLS work. The SSI model (based on
>> the use of VCs [0] and DIDs [1]) specifies the use of DLT (or, more generally,
>> a Verifiable Data Registry) to store and retrieve public keys. We will
>> clarify this point in the abstract and introduction of the next version.
>>
>> Andrea Vesco
>>
>> [0] https://www.w3.org/TR/vc-data-model-2.0/
>> [1] https://www.w3.org/TR/did-core/
>>
>>
>> > On 19 Feb 2024, at 13:40, Yanlei(Ray) <ray.yanlei@huawei.com> wrote:
>> >
>> > The motivation for your design needs to be described in the draft.
>> > Why do you want to put the public key in the distributed ledger?
>> >
>> > Lei YAN
>> >
>> > -----Original Message-----
>> > From: Uta <uta-bounces@ietf.org> On Behalf Of Andrea Vesco
>> > Sent: Monday, February 19, 2024 4:57 PM
>> > To: uta@ietf.org
>> > Subject: [Uta] New I-D on VC and TLS
>> >
>> > L. Perugini and I have written an I-D on the use of Verifiable
>> Credentials (VCs) as a new means of authentication in TLS. We think it might
>> be of interest and in the scope of the UTA WG.
>> >
>> > Could you please give us your opinion?
>> >
>> > Draft
>> > Datatracker https://datatracker.ietf.org/doc/draft-vesco-vcauthtls/
>> > Github https://github.com/Cybersecurity-LINKS/draft-vesco-vcauthtls
>> >
>> > Kind Regards,
>> > Andrea Vesco
>> > _______________________________________________
>> > Uta mailing list
>> > Uta@ietf.org
>> > https://www.ietf.org/mailman/listinfo/uta
>>
>> _______________________________________________
>> Uta mailing list
>> Uta@ietf.org
>> https://www.ietf.org/mailman/listinfo/uta
>>
>
>
> --
>
>
> ORIE STEELE
> Chief Technology Officer
> www.transmute.industries
>
> <https://transmute.industries>
>


-- 


ORIE STEELE
Chief Technology Officer
www.transmute.industries

<https://transmute.industries>
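As an added example (not code from the draft, the thread, or its authors), here is the certificate-type negotiation that lets a new certificate type coexist with X.509, modelled on the client_certificate_type / server_certificate_type extensions of RFC 7250, which is the mechanism Andrea's "VCs as a certificate type in TLS while maintaining interoperability with other certificates" relies on. The X.509 (0) and RawPublicKey (2) code points and the extension numbers 19 and 20 are the RFC 7250 values; VC_TYPE_PLACEHOLDER is a constructed stand-in, not an assigned value, and the draft's own encoding may differ.

```python
# Added example: RFC 7250-style certificate-type negotiation with an extra,
# hypothetical "VC" certificate type.  Not the draft's code.
import struct

# IANA "TLS Certificate Types" values from RFC 7250.
CERT_TYPE_X509 = 0
CERT_TYPE_RAW_PUBLIC_KEY = 2
# Constructed placeholder for a VC certificate type; NOT an assigned value.
VC_TYPE_PLACEHOLDER = 0xFE

# RFC 7250 extension numbers.
EXT_CLIENT_CERTIFICATE_TYPE = 19
EXT_SERVER_CERTIFICATE_TYPE = 20


def encode_cert_type_list(types):
    """ClientHello body: 1-byte length prefix followed by one byte per type (RFC 7250 s.3)."""
    if not 1 <= len(types) <= 255:
        raise ValueError("certificate type list must have 1..255 entries")
    return bytes([len(types)]) + bytes(types)


def decode_cert_type_list(data):
    """Parse the ClientHello list; reject an empty list or a length that disagrees."""
    if len(data) < 2 or data[0] == 0 or data[0] != len(data) - 1:
        raise ValueError("malformed certificate type list")
    return list(data[1:])


def encode_extension(ext_type, body):
    """Generic TLS extension: uint16 type, uint16 length, opaque body."""
    return struct.pack("!HH", ext_type, len(body)) + body


def decode_extension(blob):
    if len(blob) < 4:
        raise ValueError("truncated extension")
    ext_type, length = struct.unpack("!HH", blob[:4])
    if len(blob) != 4 + length:
        raise ValueError("extension length mismatch")
    return ext_type, blob[4:]


def server_select(offered, supported):
    """Pick the first type the client offered that the server supports.

    The client's list order is treated as its preference; a server with no
    overlap returns None, which in RFC 7250 means it either omits the
    extension (X.509 is then the default) or aborts the handshake.
    """
    for t in offered:
        if t in supported:
            return t
    return None


def negotiate(client_prefs, server_supported, ext_type=EXT_CLIENT_CERTIFICATE_TYPE):
    """Run one round trip: client offers a list, server answers with a single type.

    Returns the agreed CertificateType, or None when there is no common type.
    """
    # Client -> Server: the offered list inside the extension.
    hello_ext = encode_extension(ext_type, encode_cert_type_list(client_prefs))
    got_type, body = decode_extension(hello_ext)
    if got_type != ext_type:
        raise ValueError("unexpected extension type")
    offered = decode_cert_type_list(body)

    chosen = server_select(offered, server_supported)
    if chosen is None:
        return None

    # Server -> Client: exactly one byte in the ServerHello extension.
    response = encode_extension(ext_type, bytes([chosen]))
    _, rbody = decode_extension(response)
    # The client must refuse a type it never offered.
    if len(rbody) != 1 or rbody[0] not in offered:
        raise ValueError("server selected a certificate type the client did not offer")
    return rbody[0]


if __name__ == "__main__":
    # A VC-capable client against a legacy server still falls back to X.509.
    print(negotiate([VC_TYPE_PLACEHOLDER, CERT_TYPE_X509], {CERT_TYPE_X509}))
    # Both sides VC-capable: the placeholder type wins.
    print(negotiate([VC_TYPE_PLACEHOLDER, CERT_TYPE_X509],
                    {VC_TYPE_PLACEHOLDER, CERT_TYPE_X509}))
```

The interoperability property in Andrea's message is visible in the first call: a client that lists the VC type ahead of X.509 still completes the exchange with a server that only understands X.509, while a client that offers only the VC type gets None from a legacy server and must then expect the RFC 7250 fallback or an unsupported_certificate abort. The wire format here is RFC 7250's; whether the draft reuses it unchanged is something to check against the I-D itself.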