IETF Logo Mail Archive

Re: [VoT] Vectors of Trust I-D feedback

Rainer Hoerbe <rainer@hoerbe.at> Thu, 30 July 2015 11:21 UTC

Return-Path: <rainer@hoerbe.at>
X-Original-To: vot@ietfa.amsl.com
Delivered-To: vot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A9971A1B24 for <vot@ietfa.amsl.com>; Thu, 30 Jul 2015 04:21:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.25
X-Spam-Level:
X-Spam-Status: No, score=-2.25 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1YUPH8FDFguS for <vot@ietfa.amsl.com>; Thu, 30 Jul 2015 04:21:05 -0700 (PDT)
Received: from smtprelay06.ispgateway.de (smtprelay06.ispgateway.de [80.67.31.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4979A1A1B2A for <vot@ietf.org>; Thu, 30 Jul 2015 04:21:01 -0700 (PDT)
Received: from [81.217.70.83] (helo=[192.168.1.33]) by smtprelay06.ispgateway.de with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.84) (envelope-from <rainer@hoerbe.at>) id 1ZKltQ-000481-AJ; Thu, 30 Jul 2015 13:20:56 +0200
Content-Type: multipart/alternative; boundary="Apple-Mail=_935C9370-19C1-46E7-A022-AECE4810E5B6"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2102\))
From: Rainer Hoerbe <rainer@hoerbe.at>
In-Reply-To: <569AD906E45DB44A8AFF11D61F5DA791014ADE44CF@WLGPRDMBX02.dia.govt.nz>
Date: Thu, 30 Jul 2015 13:20:56 +0200
Message-Id: <39A67012-222A-4C23-B92A-B7AB55744B2D@hoerbe.at>
References: <569AD906E45DB44A8AFF11D61F5DA791014ADE44CF@WLGPRDMBX02.dia.govt.nz>
To: Joanne Knight <Joanne.Knight@dia.govt.nz>
X-Mailer: Apple Mail (2.2102)
X-Df-Sender: cmhAaWRlbnRpbmV0aWNzLmNvbQ==
Archived-At: <http://mailarchive.ietf.org/arch/msg/vot/ziAuQdZvzJPpeYGD_Oqp0-q_DCM>
Cc: "vot@ietf.org" <vot@ietf.org>, Justin Richer <jricher@MIT.EDU>
Subject: Re: [VoT] Vectors of Trust I-D feedback
X-BeenThere: vot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Vectors of Trust discussion list <vot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vot>, <mailto:vot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/vot/>
List-Post: <mailto:vot@ietf.org>
List-Help: <mailto:vot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vot>, <mailto:vot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jul 2015 11:21:07 -0000

The term vector seems to stick since Bob Morgan’s visualization some years ago despite some resistance. However its connotation in „2.2 Component Architecture“ is misleading, because all the language about „mathematical construct“, „coordinate system“ and „must be orthogonal“ is not properly put into context by "need for simplicity“ and "somewhat elided model“.

I suggest to use stronger wording to make it clear to the newcomer that this kind of taxonomy is by its nature an oversimplification. Fitting a square peg into a round hole is the only option to reduce the complexity of trust frameworks. There should be an emphasis that the number of vectors, their orthogonality and composition will never be a clean and undisputed derivation from real trust models, but an extension and improvement from current practices like 800-63. VoT is taking facts that are measurable out of the trust framework leaving the amorphous rest to TLDR risk assessments.

- Rainer

> Am 30.07.2015 um 06:28 schrieb Joanne Knight <Joanne.Knight@dia.govt.nz>:
> 
> Hi All
>  
> Due to workloads it has taken me a while to catch-up and I am sorry I was unable to make the Bar BoF.
>  
> I have attached a paper with my thoughts on the drafty draft as well as where my own framework has evolved to so far. I have recently latched on to a resource to aid me in progressing the Identity-related risk assessment so let me know if anyone is interested in the out-comes as not directly VoT related.
>  
> Thoughts only, take them at your whim.
>  
> Cheers
>  
> Joanne
>  
>  
>  
> From: Justin Richer [mailto:jricher@MIT.EDU] 
> Sent: Saturday, 27 June 2015 3:15 p.m.
> To: vot@ietf.org
> Subject: [VoT] Vectors of Trust I-D
>  
> Hi Everyone,
>  
> I have taken the initial strawman proposal along with a substantial number of edits and inputs from several folks and have created an initial I-D of the document:
>  
> https://tools.ietf.org/id/draft-richer-vectors-of-trust-00 <https://tools.ietf.org/id/draft-richer-vectors-of-trust-00>
>  
> It’s still a very drafty draft, but hopefully it’s starting to make this a concrete thing. Please read it over and discuss it here on the list.
>  
> I would like to propose a bar-BoF in Prague for VoT for anyone who would like to discuss this. If you’re interested (and will be there in person), let me know!
>  
>  — Justin
> <VoT Feedback.docx>_______________________________________________
> vot mailing list
> vot@ietf.org
> https://www.ietf.org/mailman/listinfo/vot

v2.23.0 | Report a Bug | By Email