IETF Logo Mail Archive

Re: [VoT] Vectors of Trust I-D feedback

Justin Richer <jricher@mit.edu> Thu, 30 July 2015 12:12 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: vot@ietfa.amsl.com
Delivered-To: vot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5C0F1A870B for <vot@ietfa.amsl.com>; Thu, 30 Jul 2015 05:12:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b1p9MtWauW84 for <vot@ietfa.amsl.com>; Thu, 30 Jul 2015 05:12:48 -0700 (PDT)
Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4F111A6F20 for <vot@ietf.org>; Thu, 30 Jul 2015 05:12:47 -0700 (PDT)
X-AuditID: 1209190f-f79716d000002ea2-ea-55ba14bd03bc
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id BB.6D.11938.DB41AB55; Thu, 30 Jul 2015 08:12:45 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id t6UCCjVH025960; Thu, 30 Jul 2015 08:12:45 -0400
Received: from [192.168.128.56] (static-96-237-195-53.bstnma.fios.verizon.net [96.237.195.53]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id t6UCCggl023049 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 30 Jul 2015 08:12:43 -0400
To: Rainer Hoerbe <rainer@hoerbe.at>, Joanne Knight <Joanne.Knight@dia.govt.nz>
References: <569AD906E45DB44A8AFF11D61F5DA791014ADE44CF@WLGPRDMBX02.dia.govt.nz> <39A67012-222A-4C23-B92A-B7AB55744B2D@hoerbe.at>
From: Justin Richer <jricher@mit.edu>
Message-ID: <55BA14B2.3070105@mit.edu>
Date: Thu, 30 Jul 2015 08:12:34 -0400
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <39A67012-222A-4C23-B92A-B7AB55744B2D@hoerbe.at>
Content-Type: multipart/alternative; boundary="------------010602040503000806090000"
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprOKsWRmVeSWpSXmKPExsUixG6nortXZFeowYc2M4tVP8+wWkyc+YLR ouHnA1YHZo8jkwo8Oi4uY/ZYsuQnUwBzFJdNSmpOZllqkb5dAlfGxVuzWQq2llRcWHqPqYFx W0gXIyeHhICJxNOFE5ghbDGJC/fWs3UxcnEICSxmkmg6+ZEVwtnIKHFi7hVmCOc2k0T/6h+M IC3CAgYSx6/1ANkcHCICERIferwhapoZJW5NaGEFqWEWUJQ4N+0cWD2bgKrE9DUtTCA2r4Ca ROv836wgvSxA8VdPY0HCogIxEvNXTGeGKBGUODnzCQtICaeArcT3ZneIiWESe7o/sk5gFJiF pGoWkhSEbSYxb/NDZghbXqJ562wgmwPIVpNY1qqELLyAkW0Vo2xKbpVubmJmTnFqsm5xcmJe XmqRrolebmaJXmpK6SZGUPhzSvLvYPx2UOkQowAHoxIP74Q5O0OFWBPLiitzDzFKcjApifJO 5d8VKsSXlJ9SmZFYnBFfVJqTWnyIUYKDWUmE12INUDlvSmJlVWpRPkxKmoNFSZx30w++ECGB 9MSS1OzU1ILUIpisDAeHkgTvO2GgoYJFqempFWmZOSUIaSYOTpDhPEDD94LU8BYXJOYWZ6ZD 5E8xKkqJ8/qCJARAEhmleXC9sPT0ilEc6BVh3m6QKh5gaoPrfgU0mAlocF/7DpDBJYkIKakG xinXBKbyWjk5/Dy0xup6mrTMh/3H3zi0mQoazVuQveHLy+ltKXX718fWscQbprB230kRMH5b 05oq0XdE+5fu6VTOWScnzayub7wo6vysxtV4uoT4ezejkIJ1/g+n3YjQOfxqSrv3sopZ/he6 uV9+k3540NbYumOHitZkpTzrlxrFjJGOf16tUmIpzkg01GIuKk4EAEGodLAqAwAA
Archived-At: <http://mailarchive.ietf.org/arch/msg/vot/7gFTRu5D8jf6HdJrymJpo75CwiA>
Cc: "vot@ietf.org" <vot@ietf.org>
Subject: Re: [VoT] Vectors of Trust I-D feedback
X-BeenThere: vot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Vectors of Trust discussion list <vot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vot>, <mailto:vot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/vot/>
List-Post: <mailto:vot@ietf.org>
List-Help: <mailto:vot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vot>, <mailto:vot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jul 2015 12:12:51 -0000

Rainer,

Thanks for this input, this is helpful. When Leif and I picked the term 
"Vectors of Trust" we knew that each part of that phrase was problematic 
in some fashion, but we've yet to hear something that's more 
serviceable. This is the reasoning behind the explanatory section at the 
beginning, actually. Can you suggest some text for a better way to 
situate the terms?

  -- Justin

On 7/30/2015 7:20 AM, Rainer Hoerbe wrote:
> The term vector seems to stick since Bob Morgan’s visualization some 
> years ago despite some resistance. However its connotation in „2.2 
> Component Architecture“ is misleading, because all the language about 
> „mathematical construct“, „coordinate system“ and „must be orthogonal“ 
> is not properly put into context by "need for simplicity“ and 
> "somewhat elided model“.
>
> I suggest to use stronger wording to make it clear to the newcomer 
> that this kind of taxonomy is by its nature an oversimplification. 
> Fitting a square peg into a round hole is the only option to reduce 
> the complexity of trust frameworks. There should be an emphasis that 
> the number of vectors, their orthogonality and composition will never 
> be a clean and undisputed derivation from real trust models, but an 
> extension and improvement from current practices like 800-63. VoT is 
> taking facts that are measurable out of the trust framework leaving 
> the amorphous rest to TLDR risk assessments.
>
> - Rainer
>
>> Am 30.07.2015 um 06:28 schrieb Joanne Knight 
>> <Joanne.Knight@dia.govt.nz <mailto:Joanne.Knight@dia.govt.nz>>:
>>
>> Hi All
>>
>> Due to workloads it has taken me a while to catch-up and I am sorry I 
>> was unable to make the Bar BoF.
>>
>> I have attached a paper with my thoughts on the drafty draft as well 
>> as where my own framework has evolved to so far. I have recently 
>> latched on to a resource to aid me in progressing the 
>> Identity-related risk assessment so let me know if anyone is 
>> interested in the out-comes as not directly VoT related.
>>
>> Thoughts only, take them at your whim.
>>
>> Cheers
>>
>> Joanne
>>
>> *From:*Justin Richer [mailto:jricher@MIT.EDU]
>> *Sent:* Saturday, 27 June 2015 3:15 p.m.
>> *To:* vot@ietf.org <mailto:vot@ietf.org>
>> *Subject:* [VoT] Vectors of Trust I-D
>>
>> Hi Everyone,
>>
>> I have taken the initial strawman proposal along with a substantial 
>> number of edits and inputs from several folks and have created an 
>> initial I-D of the document:
>>
>> https://tools.ietf.org/id/draft-richer-vectors-of-trust-00
>>
>> It’s still a very drafty draft, but hopefully it’s starting to make 
>> this a concrete thing. Please read it over and discuss it here on the 
>> list.
>>
>> I would like to propose a bar-BoF in Prague for VoT for anyone who 
>> would like to discuss this. If you’re interested (and will be there 
>> in person), let me know!
>>
>>  — Justin
>>
>> <VoT Feedback.docx>_______________________________________________
>> vot mailing list
>> vot@ietf.org <mailto:vot@ietf.org>
>> https://www.ietf.org/mailman/listinfo/vot
>

v2.23.0 | Report a Bug | By Email