[Wimse] Re: Discussing motivations and drawbacks for multiple service attestation
Daniel Feldman <dfeldman.mn@gmail.com> Tue, 28 May 2024 18:30 UTC
From: Daniel Feldman <dfeldman.mn@gmail.com>
Date: Tue, 28 May 2024 13:30:03 -0500
To: Watson Ladd <watsonbladd@gmail.com>
CC: wimse@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/wimse/6DxfD-dKt10SZav9fIi1bAiTwx0>
Thanks Watson! Great point. I think that while existing standards like mTLS, DPoP and HTTP Message Signatures can all help secure point-to-point traffic, there is no RFC saying exactly how to use them in combination for service-to-service communication specifically. So there is likely value in developing that. But there would be more value in building on top of that foundation.

Cheers,
Daniel Feldman