Re: [VoT] Clause 7 edgy on scope? (RE: Vectors of Trust I-D)

Mark Lizar <mark@smartspecies.com> Tue, 30 June 2015 11:35 UTC

From: Mark Lizar <mark@smartspecies.com>
Date: Tue, 30 Jun 2015 12:34:50 +0100
To: "Grassi, Paul A." <paul.grassi@nist.gov>
Archived-At: <http://mailarchive.ietf.org/arch/msg/vot/G5qzaUjLjup6ODm4Xg7FzoH23F8>
Cc: Colin Wallis <Colin.Wallis@dia.govt.nz>, "vot@ietf.org" <vot@ietf.org>, Justin Richer <jricher@mit.edu>
Subject: Re: [VoT] Clause 7 edgy on scope? (RE: Vectors of Trust I-D)

nice and crisp.

I can really start to imagine how discovery and trust marks can be used to scale trust. Although there are some additional issues around the overarching trust framework (whatever that is, I am assuming law). For example, assessing trust marks so that they are appropriate for the purpose and also for application in the framework, with a robust method for assessing and asserting integrity of trust marks. In this context then I think it would be clear how the trust marks fit with VOT. It's the gap between these elements I suspect that needs to be further articulated and understood.

nicely thought provoking   ..

> On 30 Jun 2015, at 02:35, Grassi, Paul A. <paul.grassi@nist.gov> wrote:
> 
> I personally like the idea of discoverability at the onset, and the discussion that will follow.
> 
> This was great to read, thanks to you and Leif for the work!
> 
> On Jun 29, 2015, at 8:49 PM, "Justin Richer" <jricher@mit.edu> wrote:
> 
>> Colin, that’s a great question, because I’m honestly not sure what the answer is yet. I think that the vectors only make sense in the context of some kind of trust framework setup, but that sometimes those policies will be hard-coded at configuration time and won’t need to be dynamically bound or discovered. That said, I think the real value of this is going to be cross-domain where an RP could subscribe to (and understand) multiple trust marks and be able to validate them at runtime. Still, that piece might be separable enough, and perhaps substantive enough, to be its own draft.
>> 
>> That said, I figured I’d write it down and figure out where it’s actually supposed to go later. :)
>> 
>>  — Justin
>> 
>>> On Jun 29, 2015, at 7:14 PM, Colin Wallis <Colin.Wallis@dia.govt.nz> wrote:
>>> 
>>> Many thanks Justin and Leif
>>> 
>>> I’ve done a first pass/light read, and from that, I think it is a terrific first cut that gets us on the path to normalizing the discussions over the past 9 months.
>>> 
>>> Aside from a few tidy ups, I just have this slight concern whether all of Clause 7 (Discovery and Verification) is in scope for normative text?
>>> I certainly appreciate that in most implementations and deployments, there would be a dependency on an operational trust framework and trustmark.
>>> But is it too big a stretch to make that normative for this work?
>>> Just a thought.. and more than happy to be proven wrong.. :)
>>> 
>>> Cheers
>>> Colin
>>> 
>>> 
>>> From: vot [mailto:vot-bounces@ietf.org] On Behalf Of Justin Richer
>>> Sent: Saturday, 27 June 2015 3:15 p.m.
>>> To: vot@ietf.org
>>> Subject: [VoT] Vectors of Trust I-D
>>> 
>>> Hi Everyone,
>>> 
>>> I have taken the initial strawman proposal along with a substantial number of edits and inputs from several folks and have created an initial I-D of the document:
>>> 
>>> https://tools.ietf.org/id/draft-richer-vectors-of-trust-00
>>> 
>>> It’s still a very drafty draft, but hopefully it’s starting to make this a concrete thing. Please read it over and discuss it here on the list.
>>> 
>>> I would like to propose a bar-BoF in Prague for VoT for anyone who would like to discuss this. If you’re interested (and will be there in person), let me know!
>>> 
>>>  — Justin
>> 