[Last-Call] Re: [secdir] Secdir last call review of draft-ietf-asdf-sdf-18

From: Carsten Bormann <cabo@xxxxxxx>
Sent: 28 May 2024 19:42

Hi Ned,

thanks for providing the citation and the thoughts about using this term.

For a current example of how the term is used in the IETF, please see [0].

[0]: https://www.ietf.org/archive/id/draft-lopez-opsawg-yang-provenance-02.html

(Unfortunately, RFC 4949 *uses* provenance once, but does not *define* it, maybe for similar reasons as here.)

Authentication and integrity protection are methods (or can be abstracted into objectives) that can be used to ascertain provenance.

The term provenance is not exactly defined in Section 8 because it really doesn’t have to be:
The text in question is about security considerations, not about defining a protocol for achieving or communicating provenance (which would be out of scope for this interchange format definition).

What the user of an information/interaction model really cares about is its provenance (and applicability), not how that is reliably communicated by way of authentication, integrity protection, endorsement, appraisal, policy etc.

When I said that provenance is a stronger word, I meant that this is really the objective that we desire to support by addressing those specific objectives.
I thought that mentioning that provenance implies authentication and integrity protection [1] would be enough to address the fact that these objectives/mechanisms are not otherwise mentioned in the security considerations.

<tp>
I had never come across provenance until I got involved with a museum and in such institutions it is critical.

But it means what happened between where an object started life - something that is usually clearly stated - and where it is now, how it got from A to B, whose hands it passed through; and along the way, the object likely changed at least in some regard so integrity is very much absent in my understanding of the term.  Without provenance, then there is the risk of forgery, of fake items being inserted somewhere along the line.

Here I think that the challenge is that by the time we see the data, it may have already passed through other unknown hands and it is hard to know how trustworthy the data we see now is, i.e. it is the integrity of the data that is suspect - provenance does not really help.

Tom Petch

[1]: https://github.com/ietf-wg-asdf/SDF/pull/157/files

Grüße, Carsten


> On 28. May 2024, at 20:25, Smith, Ned <ned.smith@xxxxxxxxx> wrote:
>
> The draft uses provenance without defining it. There is a definition in NIST SP800-53r5:
> “The chronology of the origin, development, ownership, location, and changes to a system or system component and associated data”.
>  It isn’t clear if the I-D authors intended this definition or something else. If this is the intended definition, then the NIST definition doesn’t specifically say “authentication”, “integrity”, or (attestation) “appraisal”. But if the authors intended these properties, they could have used those words directly rather than “provenance”. If they intended the NIST definition of provenance, they could cite the NIST document.
>  -Ned


--
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
