IETF Logo Mail Archive

Re: [VoT] Vectors of Trust I-D

Justin Richer <jricher@mit.edu> Tue, 30 June 2015 15:54 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: vot@ietfa.amsl.com
Delivered-To: vot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D0EC1ACD28 for <vot@ietfa.amsl.com>; Tue, 30 Jun 2015 08:54:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.311
X-Spam-Level:
X-Spam-Status: No, score=-2.311 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nm5Li8rLAtlq for <vot@ietfa.amsl.com>; Tue, 30 Jun 2015 08:54:28 -0700 (PDT)
Received: from dmz-mailsec-scanner-7.mit.edu (dmz-mailsec-scanner-7.mit.edu [18.7.68.36]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 738851AC42B for <vot@ietf.org>; Tue, 30 Jun 2015 08:54:28 -0700 (PDT)
X-AuditID: 12074424-f79b46d000001e7f-8e-5592bbb34741
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id AE.16.07807.3BBB2955; Tue, 30 Jun 2015 11:54:27 -0400 (EDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id t5UFsQo5001794; Tue, 30 Jun 2015 11:54:26 -0400
Received: from artemisia.richer.local (static-96-237-195-53.bstnma.fios.verizon.net [96.237.195.53]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id t5UFsO5V001581 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 30 Jun 2015 11:54:26 -0400
Content-Type: multipart/alternative; boundary="Apple-Mail=_3DA89513-05CB-4F62-918E-4B0B9D50E2E6"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
From: Justin Richer <jricher@mit.edu>
In-Reply-To: <55929843.2030104@bluepopcorn.net>
Date: Tue, 30 Jun 2015 11:54:24 -0400
Message-Id: <A202983A-96F5-498B-9096-B6C3523A1C14@mit.edu>
References: <4DF01AF4-CD33-4BB7-958B-FFECD37C8AFE@mit.edu> <55929843.2030104@bluepopcorn.net>
To: Jim Fenton <fenton@bluepopcorn.net>
X-Mailer: Apple Mail (2.2098)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupnleLIzCtJLcpLzFFi42IRYrdT1928e1KowcZvwhbfOmcxWzT8fMDq wOTxdNUrJo8lS34yBTBFcdmkpOZklqUW6dslcGU0dJ1gL/jkXfF3+UT2BsYDtl2MHBwSAiYS 818EdjFyApliEhfurWfrYuTiEBJYzCTR9fUYC4SzkVHiwbVOVgjnIZPEkb6bbCAtzAIJEueP nWcFsXkF9CQePX3MDmILC6hLNK3sZwKx2QRUJaavaQGzOQX0JZpPTgezWYDih7sbWCHmCEjM PTSNCWKOlcScXYvAbCGBWInFX9aD7RIBmvmgYwUjxNWyEl+3yk1gFJiF5IpZSK6AiGtLLFv4 mhnCNpB42vmKFVNcX+LNuzlMCxjZVjHKpuRW6eYmZuYUpybrFicn5uWlFuma6+VmluilppRu YgSHu4vKDsbmQ0qHGAU4GJV4eHc8nxgqxJpYVlyZe4hRkoNJSZT38K5JoUJ8SfkplRmJxRnx RaU5qcWHGCU4mJVEeHuagHK8KYmVValF+TApaQ4WJXHeTT/4QoQE0hNLUrNTUwtSi2CyMhwc ShK8jSBDBYtS01Mr0jJzShDSTBycIMN5gIbHgtTwFhck5hZnpkPkTzEqSonz1oEkBEASGaV5 cL2wdPSKURzoFWHeXSBVPMBUBtf9CmgwE9Dgl/Zgg0sSEVJSDYyTlZbNcojriVdZumipxTaR te2L9p3SvF42aXPC0/+R+hlp3zUm3Pv11GjBu4vSFWq/CvrK96+bXlX8/dGRWzVzmr4vPX5+ SdbGA1vm/fr8O98wUMMrob1Ed1HwE/U57R2935wu6+ux2f5YHp9r/yWrd9edE1sKnpn9K7kt Oe9gwq6govZtmv8dlFiKMxINtZiLihMBaC8IFyIDAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/vot/ZuZktVhhywTm0b48D3v5z4npxDk>
Cc: vot@ietf.org
Subject: Re: [VoT] Vectors of Trust I-D
X-BeenThere: vot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Vectors of Trust discussion list <vot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vot>, <mailto:vot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/vot/>
List-Post: <mailto:vot@ietf.org>
List-Help: <mailto:vot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vot>, <mailto:vot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2015 15:54:31 -0000

Leif and I went back and forth on this one and decided to put a stake in the ground to start at. One of the biggest challenges in LoA-style systems has always been the overloading of the linear scale model. I’ve seen passionate arguments about the ordering of otherwise similar components, with people willing to die for the cause on both sides. I think that we can side step that with the technology expression while still keeping the “common sense semantics” of ordinals. In that “2 is probably better than 1 for most values of better but mostly they’re just different”.

I’m also afraid of the growth of the space for each component, but hopefully by having a few definitions set good examples (like the spec itself) we can encourage people to summarize the categories appropriately, as Josh talks about in his response.

While I agree that naming things is hard, and I’m open to new names, I’m very strongly against the use of “token” here. It’s already far too overloaded a term. OAuth issues tokens, FIDO calls their devices tokens, the IETF’s “token binding” is calling something (that I’m not even sure what it is) tokens, even the WS-* folks have started to re-cast all the WS-* stuff as “tokens”. I think the more precise term is “primary credential” or “primary user credential”. Neither of these have anything to do with the attributes, but they do speak to how strongly bound the credential is to the account. Still, I’m open to better names.

Thanks for the feedback,
 — Justin

> On Jun 30, 2015, at 9:23 AM, Jim Fenton <fenton@bluepopcorn.net> wrote:
> 
> Justin and Leif, thanks for getting things moving with this draft.
> 
> The biggest surprise to me is that (section 2.2, last paragraph) the components of the vector do not have ordinal properties; i.e., they are just an enumerated list. Aside from confusing people that are expecting a vector to be a set of scalars, it also requires Relying Parties, for example, to enumerate all of the types of credential management they will accept rather than "C2 or better". This isn't a huge problem at the current scale, but I'm concerned that the number of choices might grow.
> 
> I also have some problem with the use of the term "credential" because it encompasses management of attributes as well as tokens, which then overlaps with the identity proofing dimension which is, more generally, the question of how strongly the relying party can depend on attribute values.  I'd rather that we use the term "token" rather than "credential" to keep these separate.
> 
> -Jim
> 
> On 6/26/15 8:15 PM, Justin Richer wrote:
>> Hi Everyone,
>> 
>> I have taken the initial strawman proposal along with a substantial number of edits and inputs from several folks and have created an initial I-D of the document:
>> 
>> https://tools.ietf.org/id/draft-richer-vectors-of-trust-00 <https://tools.ietf.org/id/draft-richer-vectors-of-trust-00>
>> 
>> It’s still a very drafty draft, but hopefully it’s starting to make this a concrete thing. Please read it over and discuss it here on the list.
>> 
>> I would like to propose a bar-BoF in Prague for VoT for anyone who would like to discuss this. If you’re interested (and will be there in person), let me know!
>> 
>>  — Justin
>> 
>> 
>> _______________________________________________
>> vot mailing list
>> vot@ietf.org <mailto:vot@ietf.org>
>> https://www.ietf.org/mailman/listinfo/vot <https://www.ietf.org/mailman/listinfo/vot>
>

v2.23.0 | Report a Bug | By Email