On 10/03/2012 03:38 PM, Sam Hartman wrote:
>>>>>> "Stephen" == Stephen Farrell <[email protected]> writes:
> 
>     Stephen> On 10/03/2012 02:58 PM, Sam Hartman wrote:
>     >> So, I'm a bit confused why we're discussing whether hop-by-hop
>     >> integrity is good enough.
> 
>     Stephen> I guess it's at minimum a reaction to ignoring a signature.
>     Stephen> It may well be ok, but I think it needs justifying, if the
>     Stephen> WG go this way.
> 
> I'd like to push back on this reaction in the strongest possible terms.

Push away.

But note that my reaction has not been to say "don't do
that" - I'm saying "justify that."

Note also that we're moving away from abfab-specific things
to generalities.

> The idea that it's bad to ignore a signature, but it would be acceptable
> to not have a signature at all decreases the value of signatures.  

Perhaps. Or maybe it's that optionally-signed things decrease
the value of signatures when those are present, compared to
always-signed things.

> It
> means that by adding a signature we decrease interoperability.  

That's definitely true. Adding any crypto decreases interop.

> However
> if the RP would accept an unsigned object, we gain no security
> advantage.

An RP could choose depending on the to-be-signed/unsigned
value(s) and get a security advantage. For example, something
along the lines of being ok with "local" stuff not being signed
on the assumption that some border node will already have
prevented a bad version of that arriving, but treating
non-local signed or unsigned things differently. (For some
definition of "local.")

> I'd like to ask you to think about whether that reaction--the negative
> response to ignoring a signature--is ever appropriate in a case where
> the signature is optional. If so I'd like to understand why.

I think it can be appropriate sometimes as per the
above.

Cheers,
S.

> 
> --Sam
> 
> 
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab