IETF Logo Mail Archive

Re: [VoT] Vectors of Trust I-D feedback

Jim Fenton <fenton@bluepopcorn.net> Mon, 03 August 2015 22:31 UTC

Return-Path: <fenton@bluepopcorn.net>
X-Original-To: vot@ietfa.amsl.com
Delivered-To: vot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55A7E1A8A87 for <vot@ietfa.amsl.com>; Mon, 3 Aug 2015 15:31:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.111
X-Spam-Level:
X-Spam-Status: No, score=-0.111 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WF8Fn57GeSe0 for <vot@ietfa.amsl.com>; Mon, 3 Aug 2015 15:31:32 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFAA71ACED2 for <vot@ietf.org>; Mon, 3 Aug 2015 15:31:32 -0700 (PDT)
Received: from splunge.local (c-50-136-244-117.hsd1.ca.comcast.net [50.136.244.117]) (authenticated bits=0) by v2.bluepopcorn.net (8.14.3/8.14.3/Debian-9.4) with ESMTP id t73MVOQX005184 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Mon, 3 Aug 2015 15:31:25 -0700
To: Nat Sakimura <sakimura@gmail.com>, Rainer Hoerbe <rainer@hoerbe.at>
References: <569AD906E45DB44A8AFF11D61F5DA791014ADE44CF@WLGPRDMBX02.dia.govt.nz> <39A67012-222A-4C23-B92A-B7AB55744B2D@hoerbe.at> <55BA14B2.3070105@mit.edu> <C9563753-E9E2-4990-9B7C-3AFEE232BD01@hoerbe.at> <CABzCy2AUA4ycTcj0-kgu_YaceduJRJYjruXs=X2zE1nowryGEQ@mail.gmail.com>
From: Jim Fenton <fenton@bluepopcorn.net>
X-Enigmail-Draft-Status: N1110
Message-ID: <55BFEBC2.7070209@bluepopcorn.net>
Date: Mon, 03 Aug 2015 15:31:30 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <CABzCy2AUA4ycTcj0-kgu_YaceduJRJYjruXs=X2zE1nowryGEQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------050104000800070903030508"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1438641085; bh=v4PWnvOg5l/urmx6wGk4azqu0Yv3XFzHL7MUW7kiAc4=; h=Subject:To:References:Cc:From:Date:In-Reply-To; b=PRiI6tpq630YZkkeDYEpLWsWngJFBLLv8oU6wIa2K9MGoIL9/ml9zzmNr/L+sC3/C 6xxsHSYmWGv67H7aFU52yljqaqJiJzmOJ0rLbz/7NSduBg+fSrhu/VQZFvcLMaqH4t FwqCHhCvKVjd4Vq38VN9nYKtqla2jkaF4sbAke18=
Archived-At: <http://mailarchive.ietf.org/arch/msg/vot/yjnnejfw5ZkiKqI_c_Ya49JNkw8>
Cc: "vot@ietf.org" <vot@ietf.org>, Justin Richer <jricher@mit.edu>
Subject: Re: [VoT] Vectors of Trust I-D feedback
X-BeenThere: vot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Vectors of Trust discussion list <vot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vot>, <mailto:vot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/vot/>
List-Post: <mailto:vot@ietf.org>
List-Help: <mailto:vot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vot>, <mailto:vot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Aug 2015 22:31:34 -0000

To be entirely consistent with ISO/IEC 29115, we would need to rename
Identity Proofing as Enrolment, and Credential Usage as Authentication.

But ISO/IEC 29115 refers to these as phases: they occur at different
times (or, in the case of Credential Management, over a long period of
time) and have different threat models. But I would like to ask under
which circumstances a Relying Party would act differently to an
indication of less secure Credential Management vs. less secure
Authentication. There are credential management practices that would
make a credential unsuitable for highly secure authentication, but why
not just represent that as less secure authentication? VoT should be
only as complex as required; it should not represent aspects of the
process that the relying party does not need.

Also, Enrolment includes aspects of the credentialing process that go
far beyond identity proofing and the binding of those attributes in a
credential. It's the reliability of that attribute assertion that's
orthogonal to authentication strength, and not all of the other aspects
of enrolment.

Finally, I'll repeat my comment that's buried in my review of the I-D
the other day that Assertion Presentation should be visible to the RP
already. For example, if the assertion is encrypted in transit, the RP
will know that without being told. There may be need for the RP to
specify how it wants assertions to be presented to it, but that seems
like more of a general option to me and not part of the Vector.

-Jim

On 8/2/15 2:59 AM, Nat Sakimura wrote:
> I agree that we should split out the credential management and the
> credential usage. 
> Each should have different "grades". 
>
> Right now, -00 has: 
>
> 3.1. Identity Proofing 
> 3.2. Credential Management
> 3.3. Assertion Presentation 
>
>
> Instead, it could be
>
> 3.1 Identity Proofing
> 3.2 Credential Management
> 3.3 Credential Usage
> 3.4 Assertion Presentation
>
> Then, 3.1 - 3.3 aligns with X.1254 and ISO/IEC 29115, which is good. 
> Note: they are missing 3.4. 
>
> We also need to define vtm. 
> I imagine that vtm uri would point to the policy documents of the
> trust framework, 
> but that is not explicitly there. 
>
> Best, 
>
> Nat
>
>

v2.23.0 | Report a Bug | By Email