[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [TLS] Please discuss: draft-housley-evidence-extns-00<

To: "home_pw@xxxxxxx" <home_pw@xxxxxxx>, "martin.rex@xxxxxxx" <martin.rex@xxxxxxx>
Subject: RE: [TLS] Please discuss: draft-housley-evidence-extns-00<
From: Stefan Santesson <stefans@xxxxxxxxxxxxx>
Date: Fri, 12 Jan 2007 19:24:27 +0000
Accept-language: en-US
Acceptlanguage: en-US
Cc: "tls@xxxxxxxx" <tls@xxxxxxxx>
In-reply-to: <BAY126-DAV1531A9C0FA9A9E384EDBF092B00@xxxxxxx>
List-archive: <http://www1.ietf.org/pipermail/tls>
List-help: <mailto:tls-request@lists.ietf.org?subject=help>
List-id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-post: <mailto:tls@lists.ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
References: <A15AC0FBACD3464E95961F7C0BCD1FF01D6E0EAA@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>from "Stefan Santesson" at Jan 11, 7 06:33:08 pm<200701112043.VAA02623@xxxxxxxxxxxxxxxxxxx> <A15AC0FBACD3464E95961F7C0BCD1FF01D6E0EE8@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <BAY126-DAV1531A9C0FA9A9E384EDBF092B00@xxxxxxx>
Thread-index: Acc13hWpameOCbufSxmAFu6fE3aPhgAoB1Qw
Thread-topic: [TLS] Please discuss: draft-housley-evidence-extns-00<

I think we can clearly separate the issue of information sharing from an ID authentication technology from this draft dealing with capturing and signing information shared between two parties.

The relevant issue your raise is if the capturing of data from lower communication layers and storing them as part of a signed audit record can be problematic from a user integrity perspective. I think you have made strong arguments that it can.

I'm still trying to figure out exactly how big of a problem this is but this might very well be the reason why this proposal is a bad idea.

Stefan Santesson
Senior Program Manager
Windows Security, Standards


> -----Original Message-----
> From: home_pw@xxxxxxx [mailto:home_pw@xxxxxxx]
> Sent: den 11 januari 2007 16:10
> To: Stefan Santesson; martin.rex@xxxxxxx
> Cc: tls@xxxxxxxx
> Subject: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
>
> Stefan:
>
> http://europa.eu/rapid/pressReleasesAction.do?reference=IP/03/151&forma
> t=HTML&aged=0&language=EN&guiLanguage=en
>
>
> ----- Original Message -----
> From: "Stefan Santesson" <stefans@xxxxxxxxxxxxx>
> To: <martin.rex@xxxxxxx>
> Cc: <tls@xxxxxxxx>
> Sent: Thursday, January 11, 2007 2:54 PM
> Subject: RE: [TLS] Please discuss:
> draft-housley-evidence-extns-00<
>
> Martin,
>
> Thank you for your elaborate answer and references.
> It would not surprise me though if Germany in this area is
> more radical than other EU countries, but that does not make
> your argument invalid.
>
>
> Stefan Santesson
> Senior Program Manager
> Windows Security, Standards
>
>


_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls

References:
- RE: [TLS] Please discuss: draft-housley-evidence-extns-00<
  - From: Stefan Santesson
- Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
  - From: Martin Rex
- RE: [TLS] Please discuss: draft-housley-evidence-extns-00<
  - From: Stefan Santesson
- Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
  - From: home_pw

Prev by Date: Re: [TLS] Please discuss: draft-housley-evidence-extns-00 - brokerage illustration
Next by Date: RE: [TLS] Please discuss: draft-housley-evidence-extns-00 - brokerage illustration
Previous by thread: Re: [TLS] Please discuss: draft-housley-evidence-extns-00<
Next by thread: Re: [TLS] Please discuss: draft-housley-evidence-extns-00
Index(es):
- Date
- Thread