IETF Logo Mail Archive

Re: [vwrap] "Trust Domains", conditioners and refineries

Dzonatas Sol <dzonatas@gmail.com> Sat, 02 April 2011 00:22 UTC

Return-Path: <dzonatas@gmail.com>
X-Original-To: vwrap@core3.amsl.com
Delivered-To: vwrap@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0CBF83A69B6 for <vwrap@core3.amsl.com>; Fri, 1 Apr 2011 17:22:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.551
X-Spam-Level:
X-Spam-Status: No, score=-3.551 tagged_above=-999 required=5 tests=[AWL=0.048, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DDXY7NE0wmHf for <vwrap@core3.amsl.com>; Fri, 1 Apr 2011 17:22:34 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by core3.amsl.com (Postfix) with ESMTP id 765993A69AE for <vwrap@ietf.org>; Fri, 1 Apr 2011 17:22:34 -0700 (PDT)
Received: by iwn39 with SMTP id 39so4661301iwn.31 for <vwrap@ietf.org>; Fri, 01 Apr 2011 17:24:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=5V5Zg5+cUDl5cPrAM81p2J/jxVGdAamUQ9xM+9/XQ4o=; b=ErLf7mUrbY9qMgNqTQVXHfUInszdIx4u+AmwgTKrYVaDFRU8K5ItuIg/iyOhRSAF2Y PubjZcJ3U7qCwr7gmUNd+Q+oBEkthioNGkqp7zwCshSzQ/r5XU6lE4raLK8/ysVAvQqI NdNg/XfMWvrisijTyRdivD3Xw45DpxiDoIcjM=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=LLpNmICR9jNYhRnAqUFLJphypCqbDiRBf3/LjpXkiNfqEnU+QHZsYkreiIMbqkActN brpCHpNJ40B+4hc0VHQBeoWB2JgG6a94ZlnKeYes7K9kf7nLrFlkry4J38sgjfPn4kvh MiSZ5cq3USXQa3yyUXYZIF6cnKfoz13k6nAsM=
Received: by 10.43.57.202 with SMTP id wh10mr1491199icb.96.1301703854775; Fri, 01 Apr 2011 17:24:14 -0700 (PDT)
Received: from [192.168.0.50] (adsl-71-137-195-251.dsl.scrm01.pacbell.net [71.137.195.251]) by mx.google.com with ESMTPS id vr5sm1612484icb.12.2011.04.01.17.24.12 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 01 Apr 2011 17:24:13 -0700 (PDT)
Message-ID: <4D966CD9.3040204@gmail.com>
Date: Fri, 01 Apr 2011 17:24:57 -0700
From: Dzonatas Sol <dzonatas@gmail.com>
User-Agent: Mozilla-Thunderbird 2.0.0.24 (X11/20100329)
MIME-Version: 1.0
To: Morgaine <morgaine.dinova@googlemail.com>
References: <4D93E82C.7060503@gmail.com> <AANLkTinH2vz+HXTs2j60D2S4BsBH0uT=eG1kTnwBctfJ@mail.gmail.com> <4D949BFB.1010804@gmail.com> <AANLkTi=y3nSCw=nFVn0B0Q-6twov_Vq9MgZPrYC51YgO@mail.gmail.com> <4D94B1EF.2030206@gmail.com> <4D95EB3F.8090807@gmail.com> <AANLkTin4Jbho9hEcqDzMW8GanM9Snk70KsLYcnmjGVYk@mail.gmail.com> <4D960950.8090205@gmail.com> <AANLkTinA21R-0LTh26YZMCfMrs18am8JogGv6kWSPTvN@mail.gmail.com>
In-Reply-To: <AANLkTinA21R-0LTh26YZMCfMrs18am8JogGv6kWSPTvN@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: vwrap@ietf.org
Subject: Re: [vwrap] "Trust Domains", conditioners and refineries
X-BeenThere: vwrap@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual World Region Agent Protocol - IETF working group <vwrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/vwrap>, <mailto:vwrap-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vwrap>
List-Post: <mailto:vwrap@ietf.org>
List-Help: <mailto:vwrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vwrap>, <mailto:vwrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Apr 2011 00:22:36 -0000

That still is some debate over mechanisms that only serve as an example 
or use-case, not further topology of such network, capability, and 
content path.

We could argue such straw men, yet I'm not in the mood. Anyways... can 
we stay on track of terminology and asset services. Thanks.

Morgaine wrote:
> On Fri, Apr 1, 2011 at 6:20 PM, Dzonatas Sol <dzonatas@gmail.com 
> <mailto:dzonatas@gmail.com>> wrote:
>
>     I guess your reply is purely April 1st themed, as there are surely
>     protocols in use now on the Internet, yet you make it sound like
>     nobody trusts the Internet...
>
>
> A lot of people trust the Internet at face value.  Our innocent, 
> well-intentioned but technically uninformed families are among them.  
> That is why organized crime has such an easy ride online.
>
> In this group we are better informed than that though, and (hopefully) 
> we understand that trust of an unknown remote 3rd party means 
> absolutely nothing because "trust" and "unknown remote" is a 
> contradiction in terms, even if they possess a cryptographically 
> signed certificate.
>
> An X.509 credential means nothing except that the endpoint is 
> recognizable for the session.  It says nothing about participant 
> trust, it says nothing about information security, it does not protect 
> against contrary intentions, and most importantly, it provides no 
> technical mechanism for achieving the goal of "domain protection" that 
> some people here think it supports.  Thinking that X.509 offers 
> anything beyond network endpoint identification is a misunderstanding 
> of the technology and of security.  It is not a wall.  It is just a 
> lock on the wall, and everything beyond the lock is unsecured.
>
> And it gets even worse than that.  I have had the misfortune of being 
> assigned the duty of interfacing with a leading certificate provider 
> over several years, and can attest that certificates are granted 
> without any kind of strong care and assurance.  The process is 
> effectively non-scalable, because as the population of certificate 
> holders increases, the controls become ever less strong, and the 
> meaning of holding a certificate reduces to virtually nothing.  It 
> certainly affords no trust.
>
> Having faith in empty delusions is rather common in humanity, but we 
> don't need to enshrine them in an IETF protocol.  We already have 
> enough concrete work with goals that are verifiable on our plate.  
> Adding unverifiable delusions to the protocol does not gain us 
> anything beyond a warm feeling stemming from incompetence about security.
>
>
> Morgaine.
>
>
>
>
>
> =========================
>
>
> On Fri, Apr 1, 2011 at 6:20 PM, Dzonatas Sol <dzonatas@gmail.com 
> <mailto:dzonatas@gmail.com>> wrote:
>
>     I guess your reply is purely April 1st themed, as there are surely
>     protocols in use now on the Internet, yet you make it sound like
>     nobody trusts the Internet... again
>
>     Morgaine wrote:
>
>         I hope you realize that "trust domains" don't actually exist
>         outside of some people's passion for buzzwords.
>
>         Having worked in defense security and looked beyond buzzwords
>         into what really happens with information protection and
>         leakage, the concept of technically-secured trust in an open
>         client-server system lies somewhere between delusion and
>         comedy.� No, just no.
>
>         Information is secure only when it is not released and not
>         accessible.� In our VW architecture, all visible content is
>         sent to all participants in the simulation by architectural
>         design, and its non-distribution beyond that set of
>         participants is not assurable.� Indeed, it is objectively
>         impossible to assure, because there is no control over public
>         outbound information channels in our architecture, and even
>         less control over covert channels.
>
>         That makes all talk about "trust domains" here an exercise in
>         futility, some kind of reliance on "faith" and wishful thinking.
>
>         The merits of comedy aside, I suggest that we stick to
>         concepts that we can underpin with concrete technology and
>         implement in protocols.� Trust is not one of them and just
>         wastes time, despite the cuteness of the term "trust domain".
>
>         If you want to keep information secure, don't send it to
>         somewhere that is insecure such as a remote client.� That's
>         the technical solution, stripped of wishful thinking.
>
>         Whatever one may think of the defense industry, at least they
>         analyze issues to avoid self-delusion.� We may not have a
>         defense budget here, but that's not a reason for promoting
>         concepts that simply don't work.
>
>
>         Morgaine.
>
>
>
>
>         ======================
>
>         On Fri, Apr 1, 2011 at 4:11 PM, Dzonatas Sol
>         <dzonatas@gmail.com <mailto:dzonatas@gmail.com>
>         <mailto:dzonatas@gmail.com <mailto:dzonatas@gmail.com>>> wrote:
>
>            Of replies received and to forward this further, the ideal
>         "trust
>            domains" are established in file by X.509 (and more recent
>         claims)
>            or by login credentials/authentication. This flexibility of
>         these
>            two alone to establish such domain already defeats the
>         purpose to
>            use client/server terminology except at the transfer-level.
>            Consider that LLIDL & REST is above the transfer-level (from
>            source-level perspective), there is not much need to use
>            client/server terminology (except if you want pedantic
>         buzzwords).
>
>            Please let me know if there is some other case.
>
>
>            Dzonatas Sol wrote:
>
>                Added "trust domains" to the subject line to hopefully
>         narrow
>                this thread before it goes into some random debate.
>
>
>
>
>            --     --- https://twitter.com/Dzonatas_Sol ---
>            Web Development, Software Engineering, Virtual Reality,
>         Consultant
>
>            _______________________________________________
>            vwrap mailing list
>            vwrap@ietf.org <mailto:vwrap@ietf.org>
>         <mailto:vwrap@ietf.org <mailto:vwrap@ietf.org>>
>
>            https://www.ietf.org/mailman/listinfo/vwrap
>
>
>         ------------------------------------------------------------------------
>
>
>
>         _______________________________________________
>         vwrap mailing list
>         vwrap@ietf.org <mailto:vwrap@ietf.org>
>         https://www.ietf.org/mailman/listinfo/vwrap
>          
>
>
>
>     -- 
>     --- https://twitter.com/Dzonatas_Sol ---
>     Web Development, Software Engineering, Virtual Reality, Consultant
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> vwrap mailing list
> vwrap@ietf.org
> https://www.ietf.org/mailman/listinfo/vwrap
>   


-- 
--- https://twitter.com/Dzonatas_Sol ---
Web Development, Software Engineering, Virtual Reality, Consultant

v2.23.0 | Report a Bug | By Email