[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [TLS] Please discuss: draft-housley-evidence-extns-00<

To: ben@xxxxxxxxxx (Benjamin Black)
Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
From: Martin Rex <martin.rex@xxxxxxx>
Date: Fri, 12 Jan 2007 00:47:18 +0100 (MET)
Cc: tls@xxxxxxxx
In-reply-to: <45A68B76.9010403@xxxxxxxxxx> from "Benjamin Black" at Jan 11, 7 11:09:42 am
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
Reply-to: martin.rex@xxxxxxx

Benjamin Black wrote:
> 
> i know approximately nothing of EU data protection requirements, but
> something about US and payment card industry data protection
> requirements.  if there is PII or payment instrument information in the
> "audit record" produced by this proposal, then that audit record must
> either be modified to eliminate or secure the PII/PI sections, defeating
> the purpose of the record, or it must be treated, in its entirety, as
> PII/PI.  that second option is particularly onerous.

Interesting!  So this problem may actually exist in the US as well,
albeit not as thorough as here.

So an application-level approach should not only standardize the
tagging of to-be-signed content, it should actually provide two
seperate tags resulting in two independent signatures, one
over all the data that ought to be authenticated during
processing of the transaction and one signature over only
the data that is to (and legally permitted to be) persisted.

Since some people are so keen on having the signature be
created in close vincinity of the TLS implementation:
this shouldn't be such a difficult problem.

In contrast to the TLS Evidence architecture, an app-level
approach is just fine with the communication/signalling
capabilities of the exiting software architecture.

possible Frontend-signing scheme at app-level:

client  -> TLS ->  page request            -> TLS  ---> server
client  <- TLS <-  FORM with sign-request <-  TLS  ---  server
client  -> TLS   (client requests signature)
client  <- TLS   (client receives signature)
client  -> TLS -> POST with signed reply  ->  TLS ---->  server

No backward signalling, reversing the message stream between
server and server-side TLS(-accellerator) necessary
(for triggering evidence start,end, retrieving result
 and evidence blob)

-Martin

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

Follow-Ups:
- RE: [TLS] Please discuss: draft-housley-evidence-extns-00<
  - From: Mark Brown

Prev by Date: Re: [TLS] Please discuss: draft-housley-evidence-extns-00 - use to
Next by Date: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
Previous by thread: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
Next by thread: RE: [TLS] Please discuss: draft-housley-evidence-extns-00<
Index(es):
- Date
- Thread