Re: Machine Identity
> Such an identity should be almost unique (as is a number chosen at
> random in a very large space) and the machine should be able to prove
> that it indeed "owns" this identity (as is an ID which is the public
> part of a cryptographic key).
> For me, SSH keys or HIP Host Identifiers fulfill these requirements.
Then you have a relatively loose definition of "owns", because an SSH
identity demonstrates merely that the host has the cooperation of
someone who owns the identity. Furthermore, there may be multiple
machines that own the identity in the sense of having the private data,
since the private data can be copied between machines.

That may be fine for your purposes, but there are people, such as DRM
wonks, to whom either of those two properties ("has the cooperation
of", and copyability) is unacceptable. As someone remarked upthread,
get host identities and you'll find that lots of people actually want
something slightly different from host identities (no matter what value
of "host identities" it is you get).

Of course, for on-the-wire purposes, you can't prove more than "has the
cooperation of" no matter what you do; all you can demonstrate is that
some entity able to act as the other end of that packet stream you're
seeing has the identity in question.
/~\ The ASCII                    der Mouse
\ / Ribbon Campaign
 X  Against HTML                 mouse at rodents.montreal.qc.ca
/ \ Email!                       7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B