Re: [VCARDDAV] Signed vCards

DataPacRat <datapacrat@gmail.com> Mon, 01 July 2013 14:20 UTC

On Mon, Jul 1, 2013 at 10:01 AM, Eliot Lear <lear@cisco.com> wrote:
> Is the idea here to tie authority to a particular attribute set within a
> vCard?  Your issue is what to use as a distinguished name in some way
> that is at all verifiable.  Can you get a bit more specific about your
> use case?  As you mentioned, this can get quite messy.

While playing with vCard as a container for time-and-space data is a
fun exercise, my primary use case is identity authentication over
otherwise anonymized networks such as Tor. While some forums thereon
could be referred to using the proposed acct: URI, using the forum's
.onion address and the user's account name, not all are so easy to
work with. (E.g., "I'm the person who programmed the software which made
the edit at 2010-11-12T12:34:56 to wiki page XYZ on site ABC.onion
(whose server lay in the house that Jack built).")


> I'm also aware
> that somewhere along the way you're probably going to have to
> canonicalize the information because vCards don't maintain ordering...

It may be possible to get away without that by using the order of the
fields listed in HASHED-FIELDS (or whatever it gets called) as the
'canonical' order for that particular signing. Short of that, or if a
HASHED-FIELDS field is missing, alphabetical order is probably the
most practical way to go, which would ruffle the fewest feathers.



Thank you for your time,
--
DataPacRat
"Then again, I could be wrong."