RE: [draft-ietf-ltans-reqs-03.txt] Questions & Remarks
> > but you can have different types of USERS and SERVICES, it depends
> > on where you put responsibilities. And sometimes you need a 'NOTARY'
> > in between.
> >
> [LH] I need an explanation there: what's a 'NOTARY' in this case?
>
*My* interpretation is: The 'notarisation middleperson' has a contract
with some archiving service provider or operates its own boxes to
store data. The interface to this box is secured in whatever way between
the 'notarisation service' and the box.
On the other side, janus has clients that need some 'attestation',
in order to add this to a 'dossier' or not.
...
> > the Internet?
>
> [LH] But maybe I gave a clumsy example. Let's think about DRM. An artist can store a music theme without needing confidentiality, I think.
I think there is no disagreement; there are different situations. There
is some desire from the client to have a particular level of confidentiality,
and the service proposes some way to respect this. This can be that the
service says: you have to encrypt your data by yourself, we do our best
not to communicate to others but ... (I am not saying what I'd do
as a customer in this case).
But even though artist data may be public, it may not mean that everybody has
a total access to the data *and* the way they are stored. The operator
may choose a bunker, which as a side effect ensures *some* confidentiality,
although this is not its main purpose.
> Furthermore, I'm not sure I understand what you say...
> Are we OK on the fact that the TAA must not deal with confidentiality, whether it is dealt with by the submitter or the front-end service?
>
I think we agree, but to be sure:
Since there are different layers and services, some parts may contribute to
confidentiality, others do not. The back back end stores data, the meaning of
the data may be pretty undefined there, i.e. there may not be many requirements for
the data to reveal something about the information they represent (it could be
encrypted docs, or pieces).
An operator provides some means not to operate in a totally open environment,
but that's just common-sense or defense-in-depth behaviour.
/P