Re: [VoT] Vectors of Trust I-D feedback
Ira McDonald <blueroofmusic@gmail.com> Mon, 03 August 2015 23:23 UTC
Return-Path: <blueroofmusic@gmail.com>
X-Original-To: vot@ietfa.amsl.com
Delivered-To: vot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 230561B29BE for <vot@ietfa.amsl.com>; Mon, 3 Aug 2015 16:23:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.1
X-Spam-Level:
X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hJmfGBbchDAm for <vot@ietfa.amsl.com>; Mon, 3 Aug 2015 16:23:03 -0700 (PDT)
Received: from mail-ig0-x22f.google.com (mail-ig0-x22f.google.com [IPv6:2607:f8b0:4001:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 402FE1B29CB for <vot@ietf.org>; Mon, 3 Aug 2015 16:23:03 -0700 (PDT)
Received: by igk11 with SMTP id 11so82048870igk.1 for <vot@ietf.org>; Mon, 03 Aug 2015 16:23:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=GIkSnq8sCvo/L+HjXlEmzYpogBB31bxhfYPtsbNE0L0=; b=tGdmcwmc0jB1zmkXvDZ3JDGtLwV/2NBv4a79PlAaxEK5frOpOC0ys8uSQUcjTn6ZyG beb0fAw4X9F53h5pPVIq1nfbfEYxa5Mb71b/uSQVfggyeBVUaT2KN/7qEN0sDZ5xiZPa BFNaZGaLPpcScl8k++8DikQYxsdksnEa8Wm71C78t5gZggltNB9qafTLYHmM9MssnpQa cwKyIPMjg0ytTT2RvG6bXu5PBST/dud0dor0C91o7H89Fuef+cBZXZQC55J+qvoHxDyS /ZFLTSLdOWyBEyaTZU7nASx2nUMMNDqvRLiS07LRdehuaTAKGui/+HyP3p9ad8UY9KFL QlPw==
X-Received: by 10.50.43.134 with SMTP id w6mr24219141igl.74.1438644182691; Mon, 03 Aug 2015 16:23:02 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.176.149 with HTTP; Mon, 3 Aug 2015 16:22:43 -0700 (PDT)
In-Reply-To: <55BFEBC2.7070209@bluepopcorn.net>
References: <569AD906E45DB44A8AFF11D61F5DA791014ADE44CF@WLGPRDMBX02.dia.govt.nz> <39A67012-222A-4C23-B92A-B7AB55744B2D@hoerbe.at> <55BA14B2.3070105@mit.edu> <C9563753-E9E2-4990-9B7C-3AFEE232BD01@hoerbe.at> <CABzCy2AUA4ycTcj0-kgu_YaceduJRJYjruXs=X2zE1nowryGEQ@mail.gmail.com> <55BFEBC2.7070209@bluepopcorn.net>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Mon, 03 Aug 2015 19:22:43 -0400
Message-ID: <CAN40gSv9PD9MUnvnNS1H3hu2Ook7BV+BZP34uUtk8NRMv-8sKA@mail.gmail.com>
To: Jim Fenton <fenton@bluepopcorn.net>, Ira McDonald <blueroofmusic@gmail.com>
Content-Type: multipart/alternative; boundary="089e01184b0c77b503051c7073bc"
Archived-At: <http://mailarchive.ietf.org/arch/msg/vot/5ij6SYojrnHC8wyF6mJxaEUCGP4>
Cc: Nat Sakimura <sakimura@gmail.com>, Rainer Hoerbe <rainer@hoerbe.at>, Justin Richer <jricher@mit.edu>, "vot@ietf.org" <vot@ietf.org>
Subject: Re: [VoT] Vectors of Trust I-D feedback
X-BeenThere: vot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Vectors of Trust discussion list <vot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vot>, <mailto:vot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/vot/>
List-Post: <mailto:vot@ietf.org>
List-Help: <mailto:vot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vot>, <mailto:vot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Aug 2015 23:23:06 -0000
Hi, And for those who forgot (I did), ISO 29115 is technically equivalent to ITU-T X.1254 (and the latter's available online for free download in PDF). Cheers, - Ira Ira McDonald (Musician / Software Architect) Co-Chair - TCG Trusted Mobility Solutions WG Chair - Linux Foundation Open Printing WG Secretary - IEEE-ISTO Printer Working Group Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG IETF Designated Expert - IPP & Printer MIB Blue Roof Music / High North Inc http://sites.google.com/site/blueroofmusic http://sites.google.com/site/highnorthinc mailto: blueroofmusic@gmail.com Winter 579 Park Place Saline, MI 48176 734-944-0094 Summer PO Box 221 Grand Marais, MI 49839 906-494-2434 On Mon, Aug 3, 2015 at 6:31 PM, Jim Fenton <fenton@bluepopcorn.net> wrote: > To be entirely consistent with ISO/IEC 29115, we would need to rename > Identity Proofing as Enrolment, and Credential Usage as Authentication. > > But ISO/IEC 29115 refers to these as phases: they occur at different times > (or, in the case of Credential Management, over a long period of time) and > have different threat models. But I would like to ask under which > circumstances a Relying Party would act differently to an indication of > less secure Credential Management vs. less secure Authentication. There are > credential management practices that would make a credential unsuitable for > highly secure authentication, but why not just represent that as less > secure authentication? VoT should be only as complex as required; it should > not represent aspects of the process that the relying party does not need. > > Also, Enrolment includes aspects of the credentialing process that go far > beyond identity proofing and the binding of those attributes in a > credential. It's the reliability of that attribute assertion that's > orthogonal to authentication strength, and not all of the other aspects of > enrolment. > > Finally, I'll repeat my comment that's buried in my review of the I-D the > other day that Assertion Presentation should be visible to the RP already. > For example, if the assertion is encrypted in transit, the RP will know > that without being told. There may be need for the RP to specify how it > wants assertions to be presented to it, but that seems like more of a > general option to me and not part of the Vector. > > -Jim > > On 8/2/15 2:59 AM, Nat Sakimura wrote: > > I agree that we should split out the credential management and the > credential usage. > Each should have different "grades". > > Right now, -00 has: > > 3.1. Identity Proofing > 3.2. Credential Management > 3.3. Assertion Presentation > > Instead, it could be > > 3.1 Identity Proofing > 3.2 Credential Management > 3.3 Credential Usage > 3.4 Assertion Presentation > > Then, 3.1 - 3.3 aligns with X.1254 and ISO/IEC 29115, which is good. > Note: they are missing 3.4. > > We also need to define vtm. > I imagine that vtm uri would point to the policy documents of the trust > framework, > but that is not explicitly there. > > Best, > > Nat > > > > > _______________________________________________ > vot mailing list > vot@ietf.org > https://www.ietf.org/mailman/listinfo/vot > >
- [VoT] Vectors of Trust I-D feedback Joanne Knight
- Re: [VoT] Vectors of Trust I-D feedback Rainer Hoerbe
- Re: [VoT] Vectors of Trust I-D feedback Justin Richer
- Re: [VoT] Vectors of Trust I-D feedback Rainer Hoerbe
- Re: [VoT] Vectors of Trust I-D feedback Nat Sakimura
- Re: [VoT] Vectors of Trust I-D feedback Jim Fenton
- Re: [VoT] Vectors of Trust I-D feedback Ira McDonald
- Re: [VoT] Vectors of Trust I-D feedback Nat Sakimura
- Re: [VoT] Vectors of Trust I-D feedback Joanne Knight
- Re: [VoT] Vectors of Trust I-D feedback Nat Sakimura
- Re: [VoT] Vectors of Trust I-D feedback Nat Sakimura
- Re: [VoT] Vectors of Trust I-D feedback Salvatore D'Agostino
- Re: [VoT] Vectors of Trust I-D feedback Rainer Hoerbe
- Re: [VoT] Vectors of Trust I-D feedback sakimura
- Re: [VoT] Vectors of Trust I-D feedback sakimura
- Re: [VoT] Vectors of Trust I-D feedback Nat Sakimura
- Re: [VoT] Vectors of Trust I-D feedback Patrick Curry
- Re: [VoT] Vectors of Trust I-D feedback Justin Richer
- Re: [VoT] Vectors of Trust I-D feedback Jim Fenton